Expand architecture doc section 4.5 with image building process, container registry management, and deployment pipeline prose. Add Docker build & push to Gitea OCI registry in CI workflow. Co-authored-by: Cursor <cursoragent@cursor.com>
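# FleetDM Stack - Gitea Actions
#
# CI: lint on pushes to main/master (docs-only pushes are skipped via
#     paths-ignore) and on every pull request targeting main/master.
#     The pull_request trigger has no paths-ignore, so docs-only PRs are linted.
# Semantic Release: auto-bump version on push to main/master
#   - merge from feature/* branch → major bump
#   - any other commit (fix, chore, etc.) → patch bump
# Release: package Helm chart and publish to Gitea Releases; build the
#          container image and push it to the Gitea OCI registry

name: Helm Chart CI & Release

on:
  push:
    branches:
      - main
      - master
    paths-ignore:
      - 'docs/**'
      - 'README.md'
      - 'STATUS.md'
      - 'AGENTS.md'
      - 'TASKS.md'
      - '.gitignore'
      - 'djinni-*/**'
  pull_request:
    branches:
      - main
      - master
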
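jobs:
  # Runs on push and pull_request: renders and lints the chart, publishes nothing.
  lint:
    name: Lint Helm Chart
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # Context values are handed to the script as environment variables
        # instead of being templated into the shell text.
        env:
          CI_ACTOR: ${{ gitea.actor }}
          CI_TOKEN: ${{ gitea.token }}
          CI_REPO: ${{ gitea.repository }}
          CI_SHA: ${{ gitea.sha }}
        run: |
          git clone --depth=1 "https://${CI_ACTOR}:${CI_TOKEN}@git.produktor.io/${CI_REPO}.git" .
          # git records the clone URL, token included, in .git/config; rewrite
          # origin so the credential does not stay in the workspace.
          git remote set-url origin "https://git.produktor.io/${CI_REPO}.git"
          git checkout "$CI_SHA"

      - name: Install Helm
        # NOTE(review): the installer is fetched from the moving `main` branch
        # and piped straight into bash. Pin a reviewed Helm release (the
        # script honours DESIRED_VERSION) or install a release archive after
        # verifying its published checksum.
        run: |
          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
          helm version

      - name: Lint chart
        run: |
          helm dependency update fleetdm-stack/
          helm lint fleetdm-stack/
          helm template fleetdm-stack fleetdm-stack/ --namespace fleetdm > /dev/null

  # Runs on push only, after lint: computes the next version, packages the
  # chart, pushes the container image, creates the git tag and the release.
  semantic-release:
    name: Semantic Release
    runs-on: ubuntu-latest
    needs: lint
    if: gitea.event_name == 'push'
    permissions:
      contents: write
    steps:
      - name: Checkout (full history for tags)
        env:
          CI_ACTOR: ${{ gitea.actor }}
          CI_TOKEN: ${{ gitea.token }}
          CI_REPO: ${{ gitea.repository }}
        run: |
          git clone "https://${CI_ACTOR}:${CI_TOKEN}@git.produktor.io/${CI_REPO}.git" .
          git fetch --tags
          # Drop the token from .git/config once the authenticated fetches are
          # done. The later `docker build .` uses this directory as its build
          # context, so a credential left in .git/ could be copied into the
          # published image (depends on the Dockerfile / .dockerignore, which
          # are not part of this workflow).
          git remote set-url origin "https://git.produktor.io/${CI_REPO}.git"

      - name: Determine version bump
        id: version
        env:
          CI_SHA: ${{ gitea.sha }}
        run: |
          # Only strict vMAJOR.MINOR.PATCH tags are considered. Tag names are
          # free-form text; the parts extracted here go through shell
          # arithmetic and are later used in sed, docker and API calls, so
          # anything that is not plain digits and dots is ignored.
          SEMVER_RE='^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
          LATEST_TAG=$(git tag -l 'v*' --sort=-v:refname | grep -E "$SEMVER_RE" | head -1 || true)
          if [ -z "$LATEST_TAG" ]; then
            LATEST_TAG="v0.0.0"
          fi
          echo "Latest tag: $LATEST_TAG"

          VER="${LATEST_TAG#v}"
          MAJOR=$(echo "$VER" | cut -d. -f1)
          MINOR=$(echo "$VER" | cut -d. -f2)
          PATCH=$(echo "$VER" | cut -d. -f3)

          COMMIT_MSG=$(git log -1 --format='%s' "$CI_SHA")
          echo "Commit message: $COMMIT_MSG"

          # A feature release is detected from the commit subject: either it
          # starts with "Merge" and mentions feature/, or the commit has two
          # parents and its subject names a feature/ branch.
          IS_FEATURE="false"
          if echo "$COMMIT_MSG" | grep -qiE "^Merge.*feature/"; then
            IS_FEATURE="true"
          fi
          if git log -1 --format='%P' "$CI_SHA" | grep -q ' '; then
            MERGE_BRANCH=$(git log -1 --format='%s' "$CI_SHA" | grep -oE "feature/[^ '\"]*" || true)
            if [ -n "$MERGE_BRANCH" ]; then
              IS_FEATURE="true"
            fi
          fi

          if [ "$IS_FEATURE" = "true" ]; then
            MAJOR=$((MAJOR + 1))
            MINOR=0
            PATCH=0
            BUMP="major"
          else
            PATCH=$((PATCH + 1))
            BUMP="patch"
          fi

          NEW_VER="${MAJOR}.${MINOR}.${PATCH}"
          echo "Bump: $BUMP → v${NEW_VER}"
          echo "new_version=${NEW_VER}" >> "$GITHUB_OUTPUT"
          echo "new_tag=v${NEW_VER}" >> "$GITHUB_OUTPUT"
          echo "bump_type=${BUMP}" >> "$GITHUB_OUTPUT"

      - name: Install Helm
        # NOTE(review): same unpinned installer as in the lint job, but this
        # job also holds a token used to push tags, images and releases.
        # Pin a reviewed Helm release (DESIRED_VERSION) or verify a release
        # archive against its published checksum before running it here.
        run: |
          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

      - name: Update Chart.yaml version
        env:
          NEW_VERSION: ${{ steps.version.outputs.new_version }}
        run: |
          sed -i "s/^version: .*/version: ${NEW_VERSION}/" fleetdm-stack/Chart.yaml
          echo "Chart.yaml version set to ${NEW_VERSION}"
          grep '^version:' fleetdm-stack/Chart.yaml

      - name: Package chart
        run: |
          helm dependency update fleetdm-stack/
          helm package fleetdm-stack/
          mkdir -p .tmp
          mv fleetdm-stack-*.tgz .tmp/
          ls -la .tmp/

      - name: Build and push container image
        env:
          CI_ACTOR: ${{ gitea.actor }}
          CI_TOKEN: ${{ gitea.token }}
          CI_REPO: ${{ gitea.repository }}
          NEW_TAG: ${{ steps.version.outputs.new_tag }}
        run: |
          TAG="${NEW_TAG}"
          IMAGE="git.produktor.io/${CI_REPO}/fleetdm-stack"

          # Remove the stored registry credential when the step ends, also on
          # failure, so it does not outlive the job on a reused runner.
          trap 'docker logout git.produktor.io >/dev/null 2>&1 || true' EXIT

          printf '%s' "${CI_TOKEN}" | docker login git.produktor.io -u "${CI_ACTOR}" --password-stdin
          # The build context is the whole checkout, .git/ and .tmp/ included,
          # unless a .dockerignore excludes them.
          docker build -t "${IMAGE}:${TAG}" -t "${IMAGE}:latest" .
          docker push "${IMAGE}:${TAG}"
          # `latest` is a mutable tag; deployments that need a reproducible
          # image should reference the version tag or the image digest.
          docker push "${IMAGE}:latest"
          echo "Pushed ${IMAGE}:${TAG}"

      - name: Create tag
        env:
          CI_ACTOR: ${{ gitea.actor }}
          CI_TOKEN: ${{ gitea.token }}
          CI_REPO: ${{ gitea.repository }}
          NEW_TAG: ${{ steps.version.outputs.new_tag }}
          BUMP_TYPE: ${{ steps.version.outputs.bump_type }}
        run: |
          git config user.name "Gitea Actions"
          git config user.email "actions@git.produktor.io"
          git tag -a "${NEW_TAG}" -m "Release ${NEW_TAG} (${BUMP_TYPE})"
          # The token is passed in a one-off push URL and is not written to
          # the remote configuration.
          git push "https://${CI_ACTOR}:${CI_TOKEN}@git.produktor.io/${CI_REPO}.git" "${NEW_TAG}"

      - name: Create Gitea Release
        env:
          CI_TOKEN: ${{ gitea.token }}
          CI_REPO: ${{ gitea.repository }}
          NEW_TAG: ${{ steps.version.outputs.new_tag }}
          BUMP_TYPE: ${{ steps.version.outputs.bump_type }}
        run: |
          TAG="${NEW_TAG}"
          BUMP="${BUMP_TYPE}"
          API="https://git.produktor.io/api/v1/repos/${CI_REPO}/releases"
          TOKEN="${CI_TOKEN}"

          # TAG and BUMP are placed in the JSON body as-is; they come from the
          # version step, which only emits digits, dots and "major"/"patch".
          RELEASE=$(curl -sf -X POST "$API" \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\":\"$TAG\",\"name\":\"FleetDM Stack $TAG\",\"body\":\"**${BUMP}** release — \`${TAG}\`\n\nHelm chart for FleetDM Server with MySQL and Redis.\"}")
          RELEASE_ID=$(echo "$RELEASE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
          # Stop here if the id could not be read, rather than posting assets
          # to a malformed URL.
          if [ -z "$RELEASE_ID" ]; then
            echo "Could not read the release id from the API response" >&2
            exit 1
          fi
          echo "Created release ID: $RELEASE_ID"

          for f in .tmp/*.tgz; do
            FNAME=$(basename "$f")
            curl -sf -X POST "$API/$RELEASE_ID/assets?name=$FNAME" \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/octet-stream" \
              --data-binary "@$f"
            echo "Uploaded: $FNAME"
          done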