gitea-workflows/.gitea/workflows/deploy-compose-stack.yml
2025-07-25 19:40:49 +02:00


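---
# Reusable (workflow_call) job: deploy a compose stack to the STAF host with
# the shared Ansible playbook checked out from <owner>/ansible-shared.
#
# Secrets, inputs and github.* values reach the shell only through `env:`.
# Expanding `${{ }}` directly inside `run:` splices the value into the
# script text, so a value containing quotes or shell metacharacters would
# change what runs; an environment variable is just data.
name: Deploy Stack

on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      extra_vars:
        required: false
        type: string
        description: "JSON string of extra variables to pass to Ansible"

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Validate required secrets
        # Every secret a later step reads is checked here, including
        # SERVER_URL, which the deploy step needs to build the clone URL.
        # All missing names are reported before failing, not just the first.
        env:
          STAF_SSH_PRIVATE_KEY_BASE64: ${{ secrets.STAF_SSH_PRIVATE_KEY_BASE64 }}
          STAF_HOST: ${{ secrets.STAF_HOST }}
          STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
          ORG_GITEA_TOKEN: ${{ secrets.ORG_GITEA_TOKEN }}
          STAF_PUID: ${{ secrets.STAF_PUID }}
          STAF_PGID: ${{ secrets.STAF_PGID }}
          STAF_TIMEZONE: ${{ secrets.STAF_TIMEZONE }}
          STAF_APPDATA_ROOT: ${{ secrets.STAF_APPDATA_ROOT }}
          SERVER_URL: ${{ secrets.SERVER_URL }}
        run: |
          missing=0
          for name in STAF_SSH_PRIVATE_KEY_BASE64 STAF_HOST STAF_ANSIBLE_USER \
                      ORG_GITEA_TOKEN STAF_PUID STAF_PGID STAF_TIMEZONE \
                      STAF_APPDATA_ROOT SERVER_URL; do
            # ${!name} is bash indirect expansion: the value of the variable
            # whose name is in $name.
            if [ -z "${!name}" ]; then
              echo "❌ ${name} secret is required"
              missing=1
            fi
          done
          exit "${missing}"

      - name: Checkout stack repository
        uses: actions/checkout@v4

      - name: Checkout shared ansible
        uses: actions/checkout@v4
        with:
          repository: ${{ github.event.repository.owner.login }}/ansible-shared
          path: ansible-shared
          # NOTE(review): actions/checkout writes this token into
          # ansible-shared/.git/config by default; set persist-credentials:
          # false if no later step needs git access to that checkout.
          token: ${{ secrets.ORG_GITEA_TOKEN }}

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          # cache: "pip"

      - name: Install dependencies
        # NOTE(review): unpinned installs — a new ansible or docker release
        # changes the deploy toolchain silently; pin versions (or use a
        # requirements file with hashes) for reproducible runs.
        run: |
          pip install ansible docker

      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY_BASE64: ${{ secrets.STAF_SSH_PRIVATE_KEY_BASE64 }}
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # umask 077 so the key file is never readable by others, not even
          # between the redirect creating it and the chmod below.
          (umask 077 && printf "%s" "${SSH_PRIVATE_KEY_BASE64}" | base64 -d > ~/.ssh/ssh_key)
          chmod 600 ~/.ssh/ssh_key
          eval "$(ssh-agent -s)"
          ssh-add ~/.ssh/ssh_key
          # Each step runs in a fresh shell, so the agent's socket and pid
          # only reach the Ansible and cleanup steps via GITHUB_ENV.
          {
            echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}"
            echo "SSH_AGENT_PID=${SSH_AGENT_PID}"
          } >> "${GITHUB_ENV}"

      - name: Generate inventory from template
        env:
          STAF_HOST: ${{ secrets.STAF_HOST }}
          STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
        run: |
          cd ansible-shared
          # '|' as the sed delimiter so a '/' in a value does not end the
          # expression early. The values are still literal sed replacement
          # text, so a '&' or '|' in them would be misread.
          sed -e "s|\${STAF_HOST}|${STAF_HOST}|g" \
              -e "s|\${STAF_ANSIBLE_USER}|${STAF_ANSIBLE_USER}|g" \
              inventory.template > inventory.ini

      - name: Deploy stack with Ansible
        env:
          # NOTE(review): host key verification is disabled, so a
          # man-in-the-middle on the path to STAF_HOST would be accepted
          # and would receive the deploy credentials. Prefer pinning the
          # host's key in ~/.ssh/known_hosts and removing this line.
          ANSIBLE_HOST_KEY_CHECKING: "False"
          STACK_NAME: ${{ github.event.repository.name }}
          STACK_REPOSITORY: ${{ github.repository }}
          STAF_HOST: ${{ secrets.STAF_HOST }}
          STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
          STAF_PUID: ${{ secrets.STAF_PUID }}
          STAF_PGID: ${{ secrets.STAF_PGID }}
          STAF_TZ: ${{ secrets.STAF_TIMEZONE }}
          STAF_APPDATA_ROOT: ${{ secrets.STAF_APPDATA_ROOT }}
          SERVER_URL: ${{ secrets.SERVER_URL }}
          ORG_GITEA_TOKEN: ${{ secrets.ORG_GITEA_TOKEN }}
          EXTRA_VARS: ${{ inputs.extra_vars }}
        run: |
          cd ansible-shared
          # Build the authenticated repo URL. The token is part of REPO_URL,
          # so nothing in the playbook may print that variable.
          SERVER_HOST="${SERVER_URL#https://}"
          REPO_URL="https://oauth2:${ORG_GITEA_TOKEN}@${SERVER_HOST}/${STACK_REPOSITORY}.git"
          export REPO_URL
          # argv array instead of eval: extra_vars is caller-controlled and
          # must reach ansible-playbook as one argument, never be re-parsed
          # by the shell.
          args=(-i inventory.ini deploy-compose-stack.yml)
          if [ -n "${EXTRA_VARS}" ]; then
            args+=(--extra-vars "${EXTRA_VARS}")
          fi
          if ! ansible-playbook "${args[@]}"; then
            echo "❌ Ansible playbook execution failed"
            exit 1
          fi

      - name: Notify deployment status
        if: always()
        env:
          JOB_STATUS: ${{ job.status }}
          STACK_NAME: ${{ github.event.repository.name }}
        run: |
          if [ "${JOB_STATUS}" = "success" ]; then
            echo "✅ Stack ${STACK_NAME} deployed successfully"
          else
            echo "❌ Stack ${STACK_NAME} deployment failed"
          fi

      - name: Cleanup SSH key
        if: always()
        run: |
          rm -f ~/.ssh/ssh_key
          # The agent started in "Setup SSH" still holds the key in memory
          # until it is stopped; SSH_AGENT_PID comes from GITHUB_ENV.
          if [ -n "${SSH_AGENT_PID:-}" ]; then
            ssh-agent -k > /dev/null 2>&1 || true
          fi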