diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index b234fa8..f8743c0 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -1,15 +1,9 @@ --- -name: publish +name: build on: push: branches: [ master ] - workflow_dispatch: - inputs: - sha: - description: Commit SHA to promote (defaults to dispatch SHA) - required: false - type: string permissions: contents: read 
@@ -101,76 +95,3 @@ jobs: --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ -F "message=Workflow failed on ${{ github.repository }}" \ https://api.pushover.net/1/messages.json - - promote-and-deploy: - if: github.event_name == 'workflow_dispatch' - runs-on: docker - container: - image: quay.io/podman/stable:v5.4 - options: >- - --privileged - --security-opt seccomp=unconfined - --device /dev/fuse - --user root - env: - CONTAINERS_STORAGE_DRIVER: vfs - BUILDAH_FORMAT: docker - XDG_RUNTIME_DIR: /tmp/run - SHA_INPUT: ${{ inputs.sha }} - steps: - - name: Podman login - env: - REGISTRY_USERNAME: ${{ secrets.dockerhub_username }} - REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }} - run: | - mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR" - echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER" - - name: Promote latest from SHA - run: | - set -euo pipefail - SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}} - echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production" - podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" - podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest" - - name: Logout - if: always() - run: | - podman logout "${REGISTRY_SERVER}" - - name: Notify via Pushover on failure - if: failure() - run: | - curl -v \ - -F "token=${{ secrets.PUSHOVER_TOKEN }}" \ - -F "user=${{ secrets.PUSHOVER_USER }}" \ - --form-string "title=HomeAssistant Promote Failed" \ - --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - -F "message=Workflow failed on ${{ github.repository }}" \ - https://api.pushover.net/1/messages.json - - deploy: - if: github.event_name == 'workflow_dispatch' - runs-on: docker - needs: promote-and-deploy - container: - image: bitnami/kubectl - steps: - - name: Write kubeconfig - env: - KUBECONFIG_CONTENT: ${{ 
secrets.kubeconfig }} - run: | - echo "$KUBECONFIG_CONTENT" > kubeconfig - - name: Rollout restart - run: | - kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass - kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass - - name: Notify via Pushover on failure - if: failure() - run: | - curl -v \ - -F "token=${{ secrets.PUSHOVER_TOKEN }}" \ - -F "user=${{ secrets.PUSHOVER_USER }}" \ - --form-string "title=HomeAssistant Deploy Failed" \ - --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - -F "message=Workflow failed on ${{ github.repository }}" \ - https://api.pushover.net/1/messages.json - diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml new file mode 100644 index 0000000..34dcc78 --- /dev/null +++ b/.gitea/workflows/deploy.yml 
@@ -0,0 +1,91 @@
+---
+name: deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ sha:
+ description: Commit SHA to promote (defaults to dispatch SHA)
+ required: false
+ type: string
+
+permissions:
+ contents: read
+
+env:
+ REGISTRY_SERVER: docker.io
+ RELEASE_IMAGE_NAME: docker.io/genunix/homeassistant
+ KUBERNETES_NAMESPACE: hass
+
+jobs:
+ promote-and-deploy:
+ if: github.event_name == 'workflow_dispatch'
+ runs-on: docker
+ container:
+ image: quay.io/podman/stable:v5.4
+ options: >-
+ --privileged
+ --security-opt seccomp=unconfined
+ --device /dev/fuse
+ --user root
+ env:
+ CONTAINERS_STORAGE_DRIVER: vfs
+ BUILDAH_FORMAT: docker
+ XDG_RUNTIME_DIR: /tmp/run
+ SHA_INPUT: ${{ inputs.sha }}
+ steps:
+ - name: Podman login
+ env:
+ REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
+ REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
+ run: |
+ mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
+ echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"
+ - name: Promote latest from SHA
+ run: |
+ set -euo pipefail
+ SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}}
+ echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production"
+ podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}"
+ podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest"
+ - name: Logout
+ if: always()
+ run: |
+ podman logout "${REGISTRY_SERVER}"
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -v \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Promote Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
+
+ deploy:
+ if: github.event_name == 'workflow_dispatch'
+ runs-on: docker
+ needs: promote-and-deploy
+ container:
+ image: bitnami/kubectl
+ steps:
+ - name: Write kubeconfig
+ env:
+ KUBECONFIG_CONTENT: ${{ secrets.kubeconfig }}
+ run: |
+ echo "$KUBECONFIG_CONTENT" > kubeconfig
+ - name: Rollout restart
+ run: |
+ kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass
+ kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -v \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Deploy Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
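Review bot: The `deploy` job runs the untagged `bitnami/kubectl` image and then hands it the cluster credential from `secrets.kubeconfig`, so whatever that floating tag resolves to on the day of the run receives the kubeconfig. The promote job in the same file pins `quay.io/podman/stable:v5.4`; this image should be pinned at least as tightly, preferably by digest, e.g. `image: bitnami/kubectl@sha256:<digest-placeholder>`. The `Write kubeconfig` step also creates the file with the default umask and no later step removes it; `( umask 077; printf '%s\n' "$KUBECONFIG_CONTENT" > kubeconfig )` plus a final `if: always()` step running `rm -f kubeconfig` would narrow that exposure. Separately, `SHA_INPUT` is a free-form string that becomes the tag pushed to `latest`; if images are tagged with the full commit SHA (not visible here), a guard such as `[[ "$SHA_TO_PROMOTE" =~ ^[0-9a-f]{40}$ ]] || exit 1` before `podman pull` would keep arbitrary tags from being promoted.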