111 lines
3.5 KiB
YAML
111 lines
3.5 KiB
YAML
name: build-and-push
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- high-performance
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
DOCKER_HOST: unix:///var/run/docker.sock
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
run: |
|
|
export DOCKER_HOST=unix:///var/run/docker.sock
|
|
docker version
|
|
docker buildx create --use || true
|
|
docker buildx inspect --bootstrap
|
|
|
|
- name: Login to Registry
|
|
env:
|
|
REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
|
|
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
|
run: |
|
|
set -euo pipefail
|
|
export DOCKER_HOST=unix:///var/run/docker.sock
|
|
test -n "$REGISTRY_HOSTPORT"
|
|
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_HOSTPORT" -u "$REGISTRY_USERNAME" --password-stdin
|
|
|
|
- name: Build and push
|
|
env:
|
|
REGISTRY_HOSTPORT: ${{ secrets.REGISTRY_HOSTPORT }}
|
|
run: |
|
|
set -euo pipefail
|
|
export DOCKER_HOST=unix:///var/run/docker.sock
|
|
|
|
build_and_push() {
|
|
docker buildx build --push \
|
|
-f Dockerfile \
|
|
-t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:${{ gitea.sha }}" \
|
|
-t "$REGISTRY_HOSTPORT/nxtgauge-frontend-solid:high-performance-latest" \
|
|
.
|
|
}
|
|
|
|
for attempt in 1 2 3; do
|
|
echo "Build attempt $attempt"
|
|
if build_and_push; then
|
|
exit 0
|
|
fi
|
|
echo "Build attempt $attempt failed; recreating builder and retrying"
|
|
docker buildx rm --all-inactive --force || true
|
|
docker buildx create --use || true
|
|
docker buildx inspect --bootstrap
|
|
sleep $((attempt * 10))
|
|
done
|
|
|
|
echo "Build failed after retries"
|
|
exit 1
|
|
|
|
- name: Prune old image tags (keep latest 1 SHA)
|
|
if: success()
|
|
continue-on-error: true
|
|
env:
|
|
REGISTRY_HOST: ${{ secrets.REGISTRY_HOSTPORT }}
|
|
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
|
run: |
|
|
set -euo pipefail
|
|
python3 .gitea/scripts/registry_prune.py \
|
|
--registry "$REGISTRY_HOST" \
|
|
--repo "nxtgauge-frontend-solid" \
|
|
--username "$REGISTRY_USERNAME" \
|
|
--password "$REGISTRY_PASSWORD" \
|
|
--keep 1
|
|
|
|
- name: Update GitOps and trigger deployment
|
|
if: success()
|
|
continue-on-error: true
|
|
env:
|
|
GITEOPS_REPO: ${{ secrets.GITEOPS_REPO }}
|
|
GITEOPS_SSH_KEY: ${{ secrets.GITEOPS_SSH_KEY }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
if [ -z "$GITEOPS_REPO" ]; then
|
|
echo "GITEOPS_REPO secret not set, skipping GitOps update"
|
|
exit 0
|
|
fi
|
|
|
|
GITEOPS_DIR=$(mktemp -d)
|
|
git clone "$GITEOPS_REPO" "$GITEOPS_DIR"
|
|
cd "$GITEOPS_DIR"
|
|
|
|
mkdir -p ~/.ssh
|
|
echo "$GITEOPS_SSH_KEY" > ~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
|
|
|
|
python3 .gitea/scripts/update-gitops.py \
|
|
--repo "$GITEOPS_DIR" \
|
|
--service "frontend-solid" \
|
|
--sha "${{ gitea.sha }}" \
|
|
--message "chore: deploy frontend-solid@${{ gitea.sha }}"
|
|
|
|
rm -rf "$GITEOPS_DIR"
|