name: CI on: push: branches: [main] pull_request: branches: [main] env: NTFY_URL: http://ntfy.observability.svc.cluster.local:80 REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000 IMAGE_NAME: gradio-ui KUSTOMIZE_NAMESPACE: ai-ml jobs: lint: name: Lint runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up uv run: curl -LsSf https://astral.sh/uv/install.sh | sh && echo "$HOME/.local/bin" >> $GITHUB_PATH - name: Run ruff check run: uvx ruff check . - name: Run ruff format check run: uvx ruff format --check . release: name: Release runs-on: ubuntu-latest needs: [lint] if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push' outputs: version: ${{ steps.version.outputs.version }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Determine version bump id: version run: | LATEST=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0") VERSION=${LATEST#v} IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION" MSG="${{ gitea.event.head_commit.message }}" if echo "$MSG" | grep -qiE "^major:|BREAKING CHANGE"; then MAJOR=$((MAJOR + 1)); MINOR=0; PATCH=0 BUMP="major" elif echo "$MSG" | grep -qiE "^(minor:|feat:)"; then MINOR=$((MINOR + 1)); PATCH=0 BUMP="minor" else PATCH=$((PATCH + 1)) BUMP="patch" fi NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}" echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT echo "bump=$BUMP" >> $GITHUB_OUTPUT echo "Bumping $LATEST → $NEW_VERSION ($BUMP)" - name: Create and push tag run: | git config user.name "gitea-actions[bot]" git config user.email "actions@git.daviestechlabs.io" git tag -a ${{ steps.version.outputs.version }} -m "Release ${{ steps.version.outputs.version }}" git push origin ${{ steps.version.outputs.version }} docker: name: Docker Build & Push runs-on: ubuntu-latest needs: [lint, release] if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push' steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: buildkitd-config-inline: | [registry."gitea-http.gitea.svc.cluster.local:3000"] http = true insecure = true - name: Login to Docker Hub if: vars.DOCKERHUB_USERNAME != '' uses: docker/login-action@v3 with: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Configure Docker for insecure registry run: | sudo mkdir -p /etc/docker echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json sudo systemctl restart docker || sudo service docker restart || true sleep 2 - name: Login to Gitea Registry run: | AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0) mkdir -p ~/.docker cat > ~/.docker/config.json << EOF { "auths": { "${{ env.REGISTRY_HOST }}": { "auth": "$AUTH" } } } EOF echo "Auth configured for ${{ env.REGISTRY_HOST }}" - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=semver,pattern={{version}},value=${{ needs.release.outputs.version }} type=semver,pattern={{major}}.{{minor}},value=${{ needs.release.outputs.version }} type=raw,value=latest,enable={{is_default_branch}} - name: Build and push uses: docker/build-push-action@v5 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max deploy: name: Deploy to Kubernetes runs-on: ubuntu-latest needs: [docker, release] if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push' container: image: catthehacker/ubuntu:act-latest volumes: - /secrets/kubeconfig:/secrets/kubeconfig steps: - name: Checkout uses: actions/checkout@v4 - name: Install kubectl run: | curl -LO "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x kubectl && sudo mv kubectl /usr/local/bin/ - name: Update image tag in manifests env: KUBECONFIG: /secrets/kubeconfig/config run: | VERSION="${{ needs.release.outputs.version }}" VERSION="${VERSION#v}" for DEPLOY in llm embeddings stt tts; do sed -i "s|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:.*|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}|" "${DEPLOY}.yaml" done - name: Apply kustomization env: KUBECONFIG: /secrets/kubeconfig/config run: | kubectl apply -k . --namespace ${{ env.KUSTOMIZE_NAMESPACE }} - name: Rollout restart deployments env: KUBECONFIG: /secrets/kubeconfig/config run: | for DEPLOY in llm-ui embeddings-ui stt-ui tts-ui; do kubectl rollout restart deployment/${DEPLOY} -n ${{ env.KUSTOMIZE_NAMESPACE }} 2>/dev/null || true done - name: Wait for rollout env: KUBECONFIG: /secrets/kubeconfig/config run: | for DEPLOY in llm-ui embeddings-ui stt-ui tts-ui; do kubectl rollout status deployment/${DEPLOY} -n ${{ env.KUSTOMIZE_NAMESPACE }} --timeout=120s 2>/dev/null || true done notify: name: Notify runs-on: ubuntu-latest needs: [lint, release, docker, deploy] if: always() steps: - name: Notify on success if: needs.lint.result == 'success' && needs.docker.result == 'success' run: | curl -s \ -H "Title: ✅ CI Passed: ${{ gitea.repository }}" \ -H "Priority: default" \ -H "Tags: white_check_mark,github" \ -H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \ -d "Branch: ${{ gitea.ref_name }} Commit: ${{ gitea.event.head_commit.message || gitea.sha }} Release: ${{ needs.release.result == 'success' && needs.release.outputs.version || 'skipped' }} Docker: ${{ needs.docker.result }} Deploy: ${{ needs.deploy.result }}" \ ${{ env.NTFY_URL }}/gitea-ci - name: Notify on deploy success if: needs.deploy.result == 'success' run: | curl -s \ -H "Title: 🚀 Deployed: ${{ gitea.repository }}" \ -H "Priority: default" \ -H "Tags: rocket,kubernetes" \ -H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \ -d "Version: ${{ needs.release.outputs.version }} Namespace: ${{ env.KUSTOMIZE_NAMESPACE }} Apps: llm-ui, embeddings-ui, stt-ui, tts-ui" \ ${{ env.NTFY_URL }}/gitea-ci - name: Notify on failure if: needs.lint.result == 'failure' || needs.docker.result == 'failure' || needs.deploy.result == 'failure' run: | curl -s \ -H "Title: ❌ CI Failed: ${{ gitea.repository }}" \ -H "Priority: high" \ -H "Tags: x,github" \ -H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \ -d "Branch: ${{ gitea.ref_name }} Commit: ${{ gitea.event.head_commit.message || gitea.sha }} Lint: ${{ needs.lint.result }} Docker: ${{ needs.docker.result }} Deploy: ${{ needs.deploy.result }}" \ ${{ env.NTFY_URL }}/gitea-ci