add deploy compose stack workflow

2025-07-19 13:58:42 +02:00
commit 22eb014b24
1 changed files with 83 additions and 0 deletions
--- a/.gitea/workflows/deploy-compose-stack.yml
+++ b/.gitea/workflows/deploy-compose-stack.yml
@@ -0,0 +1,83 @@
+name: Deploy Stack
+
+on:
+  workflow_call:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Validate required secrets
+        run: |
+          if [ -z "${{ secrets.STAF_SSH_KEY }}" ]; then
+            echo "❌ STAF_SSH_KEY secret is required"
+            exit 1
+          fi
+          if [ -z "${{ secrets.STAF_HOST }}" ]; then
+            echo "❌ STAF_HOST secret is required"
+            exit 1
+          fi
+          if [ -z "${{ secrets.STAF_ANSIBLE_USER }}" ]; then
+            echo "❌ STAF_ANSIBLE_USER secret is required"
+            exit 1
+          fi
+          if [ -z "${{ secrets.ORG_GITEA_TOKEN }}" ]; then
+            echo "❌ ORG_GITEA_TOKEN secret is required"
+            exit 1
+          fi
+
+      - name: Checkout stack repository
+        uses: actions/checkout@v4
+
+      - name: Checkout shared ansible
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ github.event.repository.owner.login }}/ansible-shared
+          path: ansible-shared
+          token: ${{ secrets.ORG_GITEA_TOKEN }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          pip install ansible docker
+
+      - name: Setup SSH
+        run: |
+          echo "${{ secrets.STAF_SSH_KEY }}" > /tmp/ssh_key
+          chmod 600 /tmp/ssh_key
+          eval $(ssh-agent -s)
+          ssh-add /tmp/ssh_key
+
+      - name: Deploy stack with Ansible
+        run: |
+          cd ansible-shared
+          if ! ansible-playbook -i inventory.ini deploy-compose-stack.yml; then
+            echo "❌ Ansible playbook execution failed"
+            exit 1
+          fi
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: False
+          STACK_NAME: ${{ github.event.repository.name }}
+          REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
+          STAF_HOST: ${{ secrets.STAF_HOST }}
+          STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
+
+      - name: Notify deployment status
+        if: always()
+        run: |
+          if [ "${{ job.status }}" == "success" ]; then
+            echo "✅ Stack ${{ github.event.repository.name }} deployed successfully"
+          else
+            echo "❌ Stack ${{ github.event.repository.name }} deployment failed"
+          fi
+
+      - name: Cleanup SSH key
+        if: always()
+        run: |
+          rm -f /tmp/ssh_key