diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml index 6eb0467..731c2ad 100644 --- a/.gitea/workflows/build-and-deploy.yml +++ b/.gitea/workflows/build-and-deploy.yml @@ -27,7 +27,45 @@ jobs: image_repository: ${{ steps.image-meta.outputs.repository }} docker_image: ${{ steps.image-meta.outputs.full }} steps: - - uses: actions/checkout@v4 + - name: Checkout repository + shell: bash + env: + GITEA_SERVER_URL: ${{ gitea.server_url }} + GITEA_REPOSITORY: ${{ gitea.repository }} + GITEA_SHA: ${{ gitea.sha }} + CHECKOUT_TOKEN: ${{ gitea.token }} + run: | + set -euo pipefail + if ! command -v git >/dev/null 2>&1; then + apt-get update -qq + apt-get install -y -qq ca-certificates git + fi + + WORKSPACE="${GITHUB_WORKSPACE:-$PWD}" + mkdir -p "$WORKSPACE" + cd "$WORKSPACE" + + SERVER_URL="${GITEA_SERVER_URL:-${GITHUB_SERVER_URL:-}}" + REPOSITORY="${GITEA_REPOSITORY:-${GITHUB_REPOSITORY:-}}" + SHA="${GITEA_SHA:-${GITHUB_SHA:-}}" + if [ -z "$SERVER_URL" ] || [ -z "$REPOSITORY" ] || [ -z "$SHA" ]; then + echo "::error::Missing repository checkout context" + exit 1 + fi + + REPOSITORY_URL="${SERVER_URL}/${REPOSITORY}.git" + if [ ! -d .git ]; then + git init + git remote add origin "$REPOSITORY_URL" + fi + + git config --global --add safe.directory "$WORKSPACE" + if [ -n "${CHECKOUT_TOKEN:-}" ]; then + git -c "http.extraHeader=Authorization: token ${CHECKOUT_TOKEN}" fetch --no-tags --depth=1 origin "$SHA" + else + git fetch --no-tags --depth=1 origin "$SHA" + fi + git checkout --force FETCH_HEAD - name: Ensure Docker CLI is available run: | @@ -39,11 +77,24 @@ jobs: docker info >/dev/null - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | + run: | + if ! docker buildx version >/dev/null 2>&1; then + echo "::error::Docker Buildx is not available on this runner" + exit 1 + fi + + cat > /tmp/buildkitd.toml <<'EOF' [registry."192.168.3.80"] insecure = true + EOF + + docker buildx rm gitea-builder >/dev/null 2>&1 || true + docker buildx create \ + --name gitea-builder \ + --driver docker-container \ + --use \ + --buildkitd-config /tmp/buildkitd.toml + docker buildx inspect --bootstrap - name: Docker image metadata id: image-meta @@ -98,34 +149,48 @@ jobs: - name: Log in to Gitea Container Registry if: steps.registry-check.outputs.available == 'true' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} + env: + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + run: | + printf '%s' "$REGISTRY_PASSWORD" | docker login "$REGISTRY_HOST" \ + --username "$REGISTRY_USERNAME" \ + --password-stdin - name: Build and push - uses: docker/build-push-action@v6 env: BUILDKIT_NO_CLIENT_TOKEN: "true" - with: - context: . - file: ${{ env.DOCKERFILE_PATH }} - platforms: ${{ env.DOCKER_PLATFORM }} - push: ${{ steps.registry-check.outputs.available == 'true' }} - tags: | - ${{ steps.image-meta.outputs.full }} - ${{ steps.image-meta.outputs.latest }} - build-args: | - API_INTERNAL_URL=http://api:4000/api/v1 - DASHBOARD_INTERNAL_URL=http://dashboard:3001 - ADMIN_INTERNAL_URL=http://admin:3002 - NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL }} - NEXT_PUBLIC_HOMEPAGE_URL=${{ secrets.NEXT_PUBLIC_HOMEPAGE_URL }} - NEXT_PUBLIC_STOREFRONT_URL=${{ secrets.NEXT_PUBLIC_STOREFRONT_URL }} - NEXT_PUBLIC_DASHBOARD_URL=${{ secrets.NEXT_PUBLIC_DASHBOARD_URL }} - NEXT_PUBLIC_ADMIN_URL=${{ secrets.NEXT_PUBLIC_ADMIN_URL }} - SITE_ORIGIN=${{ secrets.SITE_ORIGIN }} + PUSH_IMAGE: ${{ steps.registry-check.outputs.available == 'true' }} + IMAGE_FULL: ${{ steps.image-meta.outputs.full }} + IMAGE_LATEST: ${{ steps.image-meta.outputs.latest }} + NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }} + NEXT_PUBLIC_HOMEPAGE_URL: ${{ secrets.NEXT_PUBLIC_HOMEPAGE_URL }} + NEXT_PUBLIC_STOREFRONT_URL: ${{ secrets.NEXT_PUBLIC_STOREFRONT_URL }} + NEXT_PUBLIC_DASHBOARD_URL: ${{ secrets.NEXT_PUBLIC_DASHBOARD_URL }} + NEXT_PUBLIC_ADMIN_URL: ${{ secrets.NEXT_PUBLIC_ADMIN_URL }} + SITE_ORIGIN: ${{ secrets.SITE_ORIGIN }} + run: | + output_flag="--load" + if [ "$PUSH_IMAGE" = "true" ]; then + output_flag="--push" + fi + + docker buildx build \ + --file "$DOCKERFILE_PATH" \ + --platform "$DOCKER_PLATFORM" \ + --tag "$IMAGE_FULL" \ + --tag "$IMAGE_LATEST" \ + --build-arg API_INTERNAL_URL=http://api:4000/api/v1 \ + --build-arg DASHBOARD_INTERNAL_URL=http://dashboard:3001 \ + --build-arg ADMIN_INTERNAL_URL=http://admin:3002 \ + --build-arg NEXT_PUBLIC_API_URL="$NEXT_PUBLIC_API_URL" \ + --build-arg NEXT_PUBLIC_HOMEPAGE_URL="$NEXT_PUBLIC_HOMEPAGE_URL" \ + --build-arg NEXT_PUBLIC_STOREFRONT_URL="$NEXT_PUBLIC_STOREFRONT_URL" \ + --build-arg NEXT_PUBLIC_DASHBOARD_URL="$NEXT_PUBLIC_DASHBOARD_URL" \ + --build-arg NEXT_PUBLIC_ADMIN_URL="$NEXT_PUBLIC_ADMIN_URL" \ + --build-arg SITE_ORIGIN="$SITE_ORIGIN" \ + "$output_flag" \ + . deploy: name: Deploy to VPS @@ -135,7 +200,45 @@ jobs: DOCKER_IMAGE: ${{ needs.build-image.outputs.docker_image }} IMAGE_REPOSITORY: ${{ needs.build-image.outputs.image_repository }} steps: - - uses: actions/checkout@v4 + - name: Checkout repository + shell: bash + env: + GITEA_SERVER_URL: ${{ gitea.server_url }} + GITEA_REPOSITORY: ${{ gitea.repository }} + GITEA_SHA: ${{ gitea.sha }} + CHECKOUT_TOKEN: ${{ gitea.token }} + run: | + set -euo pipefail + if ! command -v git >/dev/null 2>&1; then + apt-get update -qq + apt-get install -y -qq ca-certificates git + fi + + WORKSPACE="${GITHUB_WORKSPACE:-$PWD}" + mkdir -p "$WORKSPACE" + cd "$WORKSPACE" + + SERVER_URL="${GITEA_SERVER_URL:-${GITHUB_SERVER_URL:-}}" + REPOSITORY="${GITEA_REPOSITORY:-${GITHUB_REPOSITORY:-}}" + SHA="${GITEA_SHA:-${GITHUB_SHA:-}}" + if [ -z "$SERVER_URL" ] || [ -z "$REPOSITORY" ] || [ -z "$SHA" ]; then + echo "::error::Missing repository checkout context" + exit 1 + fi + + REPOSITORY_URL="${SERVER_URL}/${REPOSITORY}.git" + if [ ! -d .git ]; then + git init + git remote add origin "$REPOSITORY_URL" + fi + + git config --global --add safe.directory "$WORKSPACE" + if [ -n "${CHECKOUT_TOKEN:-}" ]; then + git -c "http.extraHeader=Authorization: token ${CHECKOUT_TOKEN}" fetch --no-tags --depth=1 origin "$SHA" + else + git fetch --no-tags --depth=1 origin "$SHA" + fi + git checkout --force FETCH_HEAD - name: Check deploy credentials id: check-creds