From bb7872370cded230d9593a9f5f3f756f95e7514f Mon Sep 17 00:00:00 2001 From: Filip Pytloun Date: Thu, 20 Nov 2025 13:46:55 +0100 Subject: [PATCH] ci(workflows): split deploy workflow and rename publish -> build - rename .gitea/workflows/build.yml top-level name from "publish" to "build" - remove workflow_dispatch inputs and deploy/promote jobs from build.yml - add new .gitea/workflows/deploy.yml containing: - workflow_dispatch input "sha" - promote-and-deploy job (podman login, promote/push, logout, failure notification) - deploy job (write kubeconfig, rollout restart/status, failure notification) --- .gitea/workflows/build.yml | 81 +-------------------------------- .gitea/workflows/deploy.yml | 91 +++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 80 deletions(-) create mode 100644 .gitea/workflows/deploy.yml diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index b234fa8..f8743c0 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -1,15 +1,9 @@ --- -name: publish +name: build on: push: branches: [ master ] - workflow_dispatch: - inputs: - sha: - description: Commit SHA to promote (defaults to dispatch SHA) - required: false - type: string permissions: contents: read 
@@ -101,76 +95,3 @@ jobs: --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ -F "message=Workflow failed on ${{ github.repository }}" \ https://api.pushover.net/1/messages.json - - promote-and-deploy: - if: github.event_name == 'workflow_dispatch' - runs-on: docker - container: - image: quay.io/podman/stable:v5.4 - options: >- - --privileged - --security-opt seccomp=unconfined - --device /dev/fuse - --user root - env: - CONTAINERS_STORAGE_DRIVER: vfs - BUILDAH_FORMAT: docker - XDG_RUNTIME_DIR: /tmp/run - SHA_INPUT: ${{ inputs.sha }} - steps: - - name: Podman login - env: - REGISTRY_USERNAME: ${{ secrets.dockerhub_username }} - REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }} - run: | - mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR" - echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER" - - name: Promote latest from SHA - run: | - set -euo pipefail - SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}} - echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production" - podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" - podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest" - - name: Logout - if: always() - run: | - podman logout "${REGISTRY_SERVER}" - - name: Notify via Pushover on failure - if: failure() - run: | - curl -v \ - -F "token=${{ secrets.PUSHOVER_TOKEN }}" \ - -F "user=${{ secrets.PUSHOVER_USER }}" \ - --form-string "title=HomeAssistant Promote Failed" \ - --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - -F "message=Workflow failed on ${{ github.repository }}" \ - https://api.pushover.net/1/messages.json - - deploy: - if: github.event_name == 'workflow_dispatch' - runs-on: docker - needs: promote-and-deploy - container: - image: bitnami/kubectl - steps: - - name: Write kubeconfig - env: - KUBECONFIG_CONTENT: ${{ 
secrets.kubeconfig }} - run: | - echo "$KUBECONFIG_CONTENT" > kubeconfig - - name: Rollout restart - run: | - kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass - kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass - - name: Notify via Pushover on failure - if: failure() - run: | - curl -v \ - -F "token=${{ secrets.PUSHOVER_TOKEN }}" \ - -F "user=${{ secrets.PUSHOVER_USER }}" \ - --form-string "title=HomeAssistant Deploy Failed" \ - --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ - -F "message=Workflow failed on ${{ github.repository }}" \ - https://api.pushover.net/1/messages.json - diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml new file mode 100644 index 0000000..34dcc78 --- /dev/null +++ b/.gitea/workflows/deploy.yml 
@@ -0,0 +1,91 @@
+---
+name: deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ sha:
+ description: Commit SHA to promote (defaults to dispatch SHA)
+ required: false
+ type: string
+
+permissions:
+ contents: read
+
+env:
+ REGISTRY_SERVER: docker.io
+ RELEASE_IMAGE_NAME: docker.io/genunix/homeassistant
+ KUBERNETES_NAMESPACE: hass
+
+jobs:
+ promote-and-deploy:
+ if: github.event_name == 'workflow_dispatch'
+ runs-on: docker
+ container:
+ image: quay.io/podman/stable:v5.4
+ options: >-
+ --privileged
+ --security-opt seccomp=unconfined
+ --device /dev/fuse
+ --user root
+ env:
+ CONTAINERS_STORAGE_DRIVER: vfs
+ BUILDAH_FORMAT: docker
+ XDG_RUNTIME_DIR: /tmp/run
+ SHA_INPUT: ${{ inputs.sha }}
+ steps:
+ - name: Podman login
+ env:
+ REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
+ REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
+ run: |
+ mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
+ echo -n "$REGISTRY_PASSWORD" | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"
+ - name: Promote latest from SHA
+ run: |
+ set -euo pipefail
+ SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}}
+ echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production"
+ podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}"
+ podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest"
+ - name: Logout
+ if: always()
+ run: |
+ podman logout "${REGISTRY_SERVER}"
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -v \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Promote Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
+
+ deploy:
+ if: github.event_name == 'workflow_dispatch'
+ runs-on: docker
+ needs: promote-and-deploy
+ container:
+ image: bitnami/kubectl
+ steps:
+ - name: Write kubeconfig
+ env:
+ KUBECONFIG_CONTENT: ${{ secrets.kubeconfig }}
+ run: |
+ echo "$KUBECONFIG_CONTENT" > kubeconfig
+ - name: Rollout restart
+ run: |
+ kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout restart deployment/hass
+ kubectl --kubeconfig=kubeconfig -n ${KUBERNETES_NAMESPACE} rollout status deployment/hass
+ - name: Notify via Pushover on failure
+ if: failure()
+ run: |
+ curl -v \
+ -F "token=${{ secrets.PUSHOVER_TOKEN }}" \
+ -F "user=${{ secrets.PUSHOVER_USER }}" \
+ --form-string "title=HomeAssistant Deploy Failed" \
+ --form-string "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+ -F "message=Workflow failed on ${{ github.repository }}" \
+ https://api.pushover.net/1/messages.json
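Review bot: The `deploy` job passes `secrets.kubeconfig` into `image: bitnami/kubectl`, which carries no tag or digest, so whatever is published under that name at run time executes with the cluster credentials; the podman image in the first job is at least tag-pinned. Pin the kubectl image to a digest you have reviewed (shown as a placeholder in the fence below). `Write kubeconfig` also creates the file under the default umask and no step removes it, so if the runner's workspace is reused between jobs (not visible from this hunk) the credential stays on disk; set `umask 077` before the write and add an `if: always()` cleanup step. Separately, `SHA_INPUT` goes into the image reference without a format check, so any existing tag, not only a commit SHA, can be promoted to `latest`; a hex-only check before `podman pull` would close that.

```yaml
    container:
      # placeholder: replace with the digest of the image you have reviewed
      image: bitnami/kubectl@sha256:<reviewed-digest>
    steps:
      - name: Write kubeconfig
        # … unchanged: env KUBECONFIG_CONTENT …
        run: |
          umask 077
          echo "$KUBECONFIG_CONTENT" > kubeconfig
      # … unchanged: Rollout restart, Notify via Pushover on failure …
      - name: Remove kubeconfig
        if: always()
        run: rm -f kubeconfig
```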