diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
index 469cd84..a43c66a 100644
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@@ -22,43 +22,34 @@ jobs: id: detect run: | set -euo pipefail - - set_output() { - local key="$1" - local value="$2" - if [ -n "${GITHUB_OUTPUT:-}" ]; then - echo "$key=$value" >> "$GITHUB_OUTPUT" - fi - echo "::set-output name=$key::$value" - } - + if git rev-parse --verify HEAD^ >/dev/null 2>&1; then CHANGED_FILES=$(git diff --name-only HEAD^ HEAD) else CHANGED_FILES=$(git ls-files) fi - + LAST_COMMIT_MSG=$(git log -1 --pretty=%B | tr '\n' ' ') - + echo "Changed files:" echo "$CHANGED_FILES" - + ALL_SERVICES='gateway,users,companies,jobs,leads,job-seekers,customers,payments,employees,photographers,makeup-artists,tutors,developers,video-editors,graphic-designers,social-media-managers,fitness-trainers,catering-services,ugc-content-creators,cron' - - # Force full build for explicit trigger commits. - if echo "$LAST_COMMIT_MSG" | grep -Eiq 'trigger forgejo pipeline|force build|rebuild all'; then - set_output "services_csv" "$ALL_SERVICES" - set_output "has_changes" "true" + + # Force full build for explicit trigger commits + if echo "$LAST_COMMIT_MSG" | grep -Eiq 'trigger build|force build|rebuild all'; then + echo "services_csv=$ALL_SERVICES" >> "$GITHUB_OUTPUT" + echo "has_changes=true" >> "$GITHUB_OUTPUT" exit 0 fi - - # Build everything for workflow/docker/shared backend changes. - if echo "$CHANGED_FILES" | grep -Eq '^(\.forgejo/workflows/|Dockerfile|Dockerfile\.|Cargo\.toml|Cargo\.lock|crates/|scripts/)'; then - set_output "services_csv" "$ALL_SERVICES" - set_output "has_changes" "true" + + # Build everything for workflow/docker/shared backend changes + if echo "$CHANGED_FILES" | grep -Eq '^(\.forgejo/workflows/|Dockerfile|Cargo\.toml|Cargo\.lock|crates/)'; then + echo "services_csv=$ALL_SERVICES" >> "$GITHUB_OUTPUT" + echo "has_changes=true" >> "$GITHUB_OUTPUT" exit 0 fi - + SERVICES='' add_service() { local svc="$1" @@ -73,7 +64,7 @@ jobs: ;; esac } - + while IFS= read -r f; do case "$f" in apps/gateway/*) add_service "gateway" ;; 
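Review bot: The new `echo "...=..." >> "$GITHUB_OUTPUT"` lines run under `set -euo pipefail`, so on a runner that does not export GITHUB_OUTPUT the detect step aborts with an unbound-variable error; the removed helper guarded this with `${GITHUB_OUTPUT:-}`. If the fallback is being dropped on purpose, fail with a clear message at the top of the script, for example `: "${GITHUB_OUTPUT:?runner did not provide GITHUB_OUTPUT}"`. The same direct writes appear in the later hunk at -98,13. Separately, the full-build pattern no longer lists `scripts/`, so a commit touching only that directory now builds nothing; if that is intended, the comment above the grep should say so. The run script starts and ends outside this hunk.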
@@ -98,13 +89,13 @@ jobs: apps/cron/*) add_service "cron" ;; esac done <<< "$CHANGED_FILES" - + if [ -z "$SERVICES" ]; then - set_output "services_csv" "" - set_output "has_changes" "false" + echo "services_csv=" >> "$GITHUB_OUTPUT" + echo "has_changes=false" >> "$GITHUB_OUTPUT" else - set_output "services_csv" "$SERVICES" - set_output "has_changes" "true" + echo "services_csv=$SERVICES" >> "$GITHUB_OUTPUT" + echo "has_changes=true" >> "$GITHUB_OUTPUT" fi build: 
@@ -149,142 +140,29 @@ jobs: docker buildx inspect --bootstrap - name: Login to Registry - env: - REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }} - REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} run: | set -euo pipefail export DOCKER_HOST=unix:///var/run/docker.sock - SHA="$(git rev-parse HEAD)" - test -n "$REGISTRY_HOSTPORT" - for attempt in 1 2 3 4 5; do - echo "Registry login attempt $attempt to $REGISTRY_HOSTPORT" - if echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_HOSTPORT" -u "$REGISTRY_USERNAME" --password-stdin; then - exit 0 - fi - echo "Registry login failed (attempt $attempt); retrying..." - sleep $((attempt * 8)) - done - - echo "Registry login failed after retries" - exit 1 + echo "Logging into registry.nxtgauge.com..." + echo "Ashwin@2026" | docker login registry.nxtgauge.com -u admin --password-stdin - name: Build and push env: - REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }} SERVICES_CSV: ${{ needs.detect-changes.outputs.services_csv }} run: | set -euo pipefail export DOCKER_HOST=unix:///var/run/docker.sock - SHA="$(git rev-parse HEAD)" + SHA="${{ github.sha }}" + if [ -n "$SERVICES_CSV" ] && ! echo ",$SERVICES_CSV," | grep -q ",${{ matrix.service }},"; then echo "Skipping unchanged service: ${{ matrix.service }}" exit 0 fi - build_with_cache() { - docker buildx build --push \ - -f Dockerfile.simple \ - --build-arg SERVICE_NAME=${{ matrix.service }} \ - --cache-from type=registry,ref=$REGISTRY_HOSTPORT/nxtgauge-rust-${{ matrix.service }}:buildcache \ - --cache-to type=registry,ref=$REGISTRY_HOSTPORT/nxtgauge-rust-${{ matrix.service }}:buildcache,mode=max \ - -t "$REGISTRY_HOSTPORT/nxtgauge-rust-${{ matrix.service }}:${SHA}" \ - . 
- } - - build_without_cache_export() { - docker buildx build --push \ - -f Dockerfile.simple \ - --build-arg SERVICE_NAME=${{ matrix.service }} \ - --cache-from type=registry,ref=$REGISTRY_HOSTPORT/nxtgauge-rust-${{ matrix.service }}:buildcache \ - -t "$REGISTRY_HOSTPORT/nxtgauge-rust-${{ matrix.service }}:${SHA}" \ - . - } - - for attempt in 1 2 3; do - echo "Build attempt $attempt with cache export for ${{ matrix.service }}" - if build_with_cache; then - exit 0 - fi - echo "Attempt $attempt failed; retrying after backoff" - sleep $((attempt * 10)) - done - - echo "Falling back to build without cache export for ${{ matrix.service }}" - if ! build_without_cache_export; then - echo "Final fallback: push tags without cache" - docker buildx build --push \ - -f Dockerfile.simple \ - --build-arg SERVICE_NAME=${{ matrix.service }} \ - -t "$REGISTRY_HOSTPORT/nxtgauge-rust-${{ matrix.service }}:${SHA}" \ - . - fi - - - name: Update GitOps and trigger deployment - if: always() - continue-on-error: true - env: - GITEOPS_REPO: ${{ secrets.GITEOPS_REPO }} - GITEOPS_SSH_KEY: ${{ secrets.GITEOPS_SSH_KEY }} - run: | - set -euo pipefail - SHA="$(git rev-parse HEAD)" - - if [ -z "$GITEOPS_REPO" ]; then - echo "GITEOPS_REPO secret not set, skipping GitOps update" - exit 0 - fi - - # Clone gitops repo - GITEOPS_DIR=$(mktemp -d) - git clone "$GITEOPS_REPO" "$GITEOPS_DIR" - cd "$GITEOPS_DIR" - - # Set up SSH key for push - mkdir -p ~/.ssh - echo "$GITEOPS_SSH_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null - - # Update gitops with new SHA - python3 .forgejo/scripts/update-gitops.py \ - --repo "$GITEOPS_DIR" \ - --service "${{ matrix.service }}" \ - --sha "${SHA}" \ - --message "chore: deploy ${{ matrix.service }}@${SHA}" - - rm -rf "$GITEOPS_DIR" - - cleanup-after-build: - needs: build - if: always() && needs.build.result == 'success' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - 
name: Cleanup old image tags (keep running + 1 previous) - continue-on-error: true - env: - REGISTRY_HOST: ${{ secrets.REGISTRY_HOSTPORT }} - REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} - SERVICES_CSV: ${{ needs.build.outputs.services_csv || 'gateway,users,companies,jobs,leads,job-seekers,customers,payments,employees,photographers,makeup-artists,tutors,developers,video-editors,graphic-designers,social-media-managers,fitness-trainers,catering-services,ugc-content-creators,cron' }} - run: | - set -euo pipefail - echo "Starting post-build cleanup for services: $SERVICES_CSV" - echo "Policy: Keep 10 SHA tags (current + 9 previous)" - - IFS=',' read -ra SERVICES <<< "$SERVICES_CSV" - for service in "${SERVICES[@]}"; do - echo "Pruning old images for nxtgauge-rust-$service..." - python3 .forgejo/scripts/registry_prune.py \ - --registry "$REGISTRY_HOST" \ - --repo "nxtgauge-rust-$service" \ - --username "$REGISTRY_USERNAME" \ - --password "$REGISTRY_PASSWORD" \ - --keep 10 || echo "Warning: Failed to prune $service (continuing)" - done - - echo "Post-build cleanup completed - 10 most recent SHA tags kept" + echo "Building ${{ matrix.service }}..." + docker buildx build --push \ + -f Dockerfile.simple \ + --build-arg SERVICE_NAME=${{ matrix.service }} \ + -t "registry.nxtgauge.com/nxtgauge-rust-${{ matrix.service }}:${SHA}" \ + -t "registry.nxtgauge.com/nxtgauge-rust-${{ matrix.service }}:latest" \ + .
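Review bot: The "Login to Registry" step now pipes a literal registry password into `docker login` with a fixed `admin` user, replacing the `secrets.REGISTRY_*` environment variables, so the credential is readable by anyone with repository access and stays in git history after a later edit. Treat that password as exposed: rotate it on the registry and restore the secret-backed login, as in the block below. Prefer a push-scoped CI account over `admin`. The added `:latest` tag is mutable, so deployments that pull it can no longer be tied to a specific commit the way the `${SHA}` tag allows. With the cleanup job removed, nothing visible here prunes old SHA tags any more.

```yaml
      - name: Login to Registry
        env:
          REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          # … unchanged: set -euo pipefail, DOCKER_HOST export …
          test -n "$REGISTRY_HOSTPORT"
          printf '%s' "$REGISTRY_PASSWORD" \
            | docker login "$REGISTRY_HOSTPORT" -u "$REGISTRY_USERNAME" --password-stdin
```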