2025-11-11 02:29:49 +03:00
commit 1c90cc90af
10 changed files with 475 additions and 0 deletions


@@ -0,0 +1,78 @@
name: Build docker image
on:
workflow_call:
inputs:
ci_image:
required: true
type: string
description: image to use inside the workflow jobs
default: git.romalex.cc/public/ci-image:v1
registry:
required: true
type: string
description: registry to push images to
default: git.romalex.cc
dockerfile_path:
required: true
type: string
description: path to Dockerfile
default: Dockerfile
registry_user:
required: true
type: string
description: username to access gitea registry
default: ${{ github.actor }}
secrets:
registry_access_token:
required: true
description: Token to access the gitea registry
outputs:
version:
description: Published image version
value: ${{ jobs.set_version.outputs.version }}
jobs:
set_version:
name: Set image version
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
outputs:
version: ${{ steps.calculate.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Calculate image version
id: calculate
run: |
if [ -s version.txt ]; then
echo "version=$(cat version.txt)" >> "${GITHUB_OUTPUT}"
elif [ "${{ github.ref_type }}" = 'tag' ]; then
echo 'version=${{ github.ref_name }}' >> "${GITHUB_OUTPUT}"
else
echo "version=$(echo '${{ github.sha }}' | cut -c -6)" >> "${GITHUB_OUTPUT}"
fi
build_image:
name: Build docker image
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
needs: set_version
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ inputs.registry }}
username: ${{ inputs.registry_user }}
password: ${{ secrets.registry_access_token }}
- name: Build and push
uses: docker/build-push-action@v6
with:
push: true
file: ${{ inputs.dockerfile_path }}
tags: |
${{ inputs.registry }}/${{ github.repository }}:${{ needs.set_version.outputs.version }}
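Review bot: The tag branch of the `Calculate image version` script echoes `${{ github.ref_name }}` straight into the shell source, so a tag name containing a quote or other shell metacharacter alters the script instead of the output (the `${{ github.sha }}` branch is less exposed since a SHA is hexadecimal, but it uses the same pattern). Pass the value through the step's `env:` and read it as a shell variable: `REF_NAME: ${{ github.ref_name }}` under `env:`, then `echo "version=${REF_NAME}" >> "${GITHUB_OUTPUT}"`. The three action references (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`) float on a major tag; pinning them to a commit SHA would make the build reproducible and harder to alter upstream. Also `$(cat version.txt)` strips trailing newlines but not a trailing space or CR, so a CRLF file would produce an invalid image tag that is only rejected at push time.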


@@ -0,0 +1,48 @@
name: Drist
on:
workflow_call:
inputs:
ci_image:
required: true
type: string
description: image to use inside the workflow jobs
default: git.romalex.cc/public/ci-image:v1
hosts_file:
required: true
type: string
description: file containing hosts for drist
default: hosts
ssh_options:
required: true
type: string
description: options to pass to ssh client
default: -o StrictHostKeyChecking=no
secrets:
ssh_private_key:
required: true
description: SSH private key to access the hosts
jobs:
drist:
name: Run drist
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Prepare SSH client
run: |
cat > ~/.ssh/private_key << EOF
${{ secrets.ssh_private_key }}
EOF
chmod 600 ~/.ssh/private_key
if [ -f ssh_config ]; then
cp ssh_config ~/.ssh/config
chmod 600 ~/.ssh/config
fi
- name: Run Drist
env:
SSH_PARAMS: ${{ inputs.ssh_options }} -i /root/.ssh/private_key
run: drist -s ${{ inputs.hosts_file }}
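Review bot: The `Prepare SSH client` step writes `~/.ssh/private_key` without creating the directory, while the `SSH_PARAMS` value on the last line hardcodes `/root/.ssh/private_key`; if the CI image has no `~/.ssh` the `cat` fails, and if `HOME` is not `/root` the two paths diverge and ssh never finds the key. Add `mkdir -p ~/.ssh && chmod 700 ~/.ssh` as the first line of the script. The private key is also expanded by the expression engine into the script body through an unquoted heredoc; supplying it as `SSH_PRIVATE_KEY: ${{ secrets.ssh_private_key }}` under the step's `env:` and writing it with `printf '%s\n' "${SSH_PRIVATE_KEY}" > ~/.ssh/private_key` keeps the key out of the rendered script and avoids heredoc expansion of any `$` in its content. The `ssh_options` default `-o StrictHostKeyChecking=no` turns off host key verification for every host in the hosts file; documenting that callers are expected to ship a `known_hosts` via the `ssh_config` the step already copies, or to override the option, would make that trade-off explicit.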


@@ -0,0 +1,53 @@
name: Publish helm chart
on:
workflow_call:
inputs:
ci_image:
required: true
type: string
description: image to use inside the workflow jobs
default: git.romalex.cc/public/ci-image:v1
registry_user:
required: true
type: string
description: username to access gitea registry
default: ${{ github.actor }}
secrets:
registry_access_token:
required: true
description: Token to access the gitea registry
jobs:
lint:
name: Lint Helm chart
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Lint
run: helm lint .
package:
name: Package and publish helm chart
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
needs: lint
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Cleanup
run: |
rm -rf .git
rm -rf .gitea
- name: Package
run: helm package .
- name: Publish
run: |
CHART_NAME=$(yq .name < Chart.yaml)
CHART_VERSION=$(yq .version < Chart.yaml)
curl -u ${{ inputs.registry_user }}:${{ secrets.registry_access_token }} \
-X POST \
--upload-file "${CHART_NAME}-${CHART_VERSION}.tgz" \
${{ github.server_url }}/api/packages/${{ github.repository_owner }}/helm/api/charts
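Review bot: The `Publish` step's `curl` call has no `--fail`, so an HTTP error from the registry (rejected token, chart version already present) is printed and the job still succeeds, leaving the pipeline green with nothing published. Change the call to `curl --fail-with-body -u "${REGISTRY_USER}:${REGISTRY_ACCESS_TOKEN}" -X POST \` with the two values provided through the step's `env:` block, which also keeps the token out of the rendered script instead of interpolating it inline on the command line. The upload URL is an unquoted expression expansion; quoting it as `"${{ github.server_url }}/api/packages/${{ github.repository_owner }}/helm/api/charts"` guards against a server URL with shell-significant characters. `--fail-with-body` needs curl 7.76 or newer; `-f` works on older versions but discards the error body.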


@@ -0,0 +1,103 @@
name: Deploy to application version
on:
workflow_call:
inputs:
ci_image:
required: true
type: string
description: image to use inside the workflow jobs
default: git.romalex.cc/public/ci-image:v1
deploy_repo_server:
required: true
type: string
description: deploy repo server
default: git.romalex.cc
deploy_repo_server_port:
required: true
type: number
description: deploy repo server port
default: 2222
deploy_repo_server_user:
required: true
type: string
description: username to access the deploy repo server. Typically git for github and gitea for gitea
default: gitea
deploy_repo_branch:
required: true
type: string
description: branch to checkout and to update in deploy repo
default: master
tag_property_path:
required: true
type: string
description: path to the property containing image tag to update
version:
required: true
type: string
description: version of the docker image to update the application to
deploy_repo:
required: true
type: string
description: path to the deploy repo (without server). for example, romalex/deploy
values_file_path:
required: true
type: string
description: path to the helm values file to update the tag
secrets:
deploy_repo_ssh_key:
required: true
description: private SSH key to clone from/push to deploy repo
jobs:
get_author_email:
name: Get author email
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
outputs:
author_email: ${{ steps.get_email.outputs.author_email }}
steps:
- name: Get author email
id: get_email
run: |
email="$(curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.api_url }}/users/${{ github.actor }} | \
jq -r .email)"
echo "author_email=${email}" >> "${GITHUB_OUTPUT}"
update_image_tag:
name: Update image tag
runs-on: romalex-public
container:
image: ${{ inputs.ci_image }}
needs: get_author_email
steps:
- name: Configure git
run: |
git config --global user.email "${{ needs.get_author_email.outputs.author_email }}"
git config --global user.name "${{ github.actor }}"
- name: Configure ssh
run: |
cat > ~/.ssh/private_key << EOF
${{ secrets.deploy_repo_ssh_key }}
EOF
chmod 600 ~/.ssh/private_key
cat > ~/.ssh/config << EOF
Host ${{ inputs.deploy_repo_server }}
IdentityFile ~/.ssh/private_key
User ${{ inputs.deploy_repo_server_user }}
Port ${{ inputs.deploy_repo_server_port }}
StrictHostKeyChecking no
EOF
- name: Clone repo and update image tag
run: |
deploy_repo='ssh://${{ inputs.deploy_repo_server_user }}@${{ inputs.deploy_repo_server }}:${{ inputs.deploy_repo_server_port }}/${{ inputs.deploy_repo }}.git'
git clone --depth 1 "${deploy_repo}"
directory="${deploy_repo##*/}"
directory="${directory%.git}"
cd "${directory}"
git switch '${{ inputs.deploy_repo_branch }}'
yq e '${{ inputs.tag_property_path }} = "${{ inputs.version }}"' -i '${{ inputs.values_file_path }}'
git add .
git commit -m 'Update ${{ github.repository }} to ${{ inputs.version }}'
git push origin '${{ inputs.deploy_repo_branch }}'
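Review bot: The SSH config generated in the `Configure ssh` step sets `StrictHostKeyChecking no`, so the deploy repo key is used to push to whatever host answers at `deploy_repo_server:deploy_repo_server_port` without its host key being verified. Since server, port and user are already inputs, adding a `deploy_repo_server_host_key` input that the step appends to `~/.ssh/known_hosts` and switching to `StrictHostKeyChecking yes` would pin the endpoint; the script should also begin with `mkdir -p ~/.ssh && chmod 700 ~/.ssh`, as it currently assumes the directory exists. In `Clone repo and update image tag`, `git commit` exits non-zero when the values file already carries the requested tag (a re-run of the same deployment), so guard it with `git diff --cached --quiet || git commit -m 'Update ${{ github.repository }} to ${{ inputs.version }}'`. The `Get author email` step runs `curl` without `-f`, and `jq -r .email` prints the literal string `null` when the API exposes no email, which then becomes the committer address; checking for an empty or `null` result and falling back to a noreply address would be safer.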


@@ -0,0 +1,51 @@
name: Run terraform
on:
workflow_call:
inputs:
terraform_image:
required: true
type: string
description: image to use inside the workflow jobs
default: git.romalex.cc/public/terraform-image:v1
action:
required: true
type: string
description: action to run. must be PLAN or APPLY, or else would do nothing
workspace:
required: true
type: string
description: terraform workspace name
secrets:
pg_conn_str:
required: true
description: value of PG_CONN_STR env
role_id:
required: true
description: value of TF_VAR_login_approle_role_id env
secret_id:
required: true
description: value of TF_VAR_login_approle_secret_id
jobs:
terraform:
name: Run terraform ${{ inputs.action }}
runs-on: romalex-public
container:
image: ${{ inputs.terraform_image }}
env:
PG_CONN_STR: ${{ secrets.pg_conn_str }}
TF_VAR_login_approle_role_id: ${{ secrets.role_id }}
TF_VAR_login_approle_secret_id: ${{ secrets.secret_id }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Init terraform
run: terraform init
- name: Select workspace
run: terraform workspace select -or-create ${{ inputs.workspace }}
- name: Terraform Plan
if: ${{ inputs.action == 'PLAN' }}
run: terraform plan
- name: Terraform Apply
if: ${{ inputs.action == 'APPLY' }}
run: terraform apply -auto-approve
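Review bot: When `inputs.action` is anything other than `PLAN` or `APPLY`, both terraform steps are skipped by their `if:` conditions and the job still reports success, which the input description acknowledges but which silently hides a typo in a caller. Add a validation step before `Init terraform` with `ACTION: ${{ inputs.action }}` in its `env:` and `run: '[ "${ACTION}" = PLAN ] || [ "${ACTION}" = APPLY ] || { echo "unknown action: ${ACTION}" >&2; exit 1; }'`. The same `env:` route should carry `inputs.workspace` into `terraform workspace select -or-create`, which currently splices the workspace name unquoted into the command line. `terraform apply -auto-approve` computes a fresh plan rather than applying the one produced by an earlier PLAN invocation, so what is applied can differ from what was reviewed; if that matters, the plan needs to be saved with `-out` and handed to the apply run. This hunk ends at the last visible line of the page, so the file may continue past the apply step.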