Billy D.
71321e5878
- Docker Hub login now happens before Gitea login, both via login-action - Previous manual config.json write was clobbering Docker Hub auth - buildx docker-container driver inherits auth from login-action correctly - Fixes 429 Too Many Requests from unauthenticated Docker Hub pulls
233 lines
8.0 KiB
YAML
233 lines
8.0 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
env:
|
|
NTFY_URL: http://ntfy.observability.svc.cluster.local:80
|
|
REGISTRY: gitea-http.gitea.svc.cluster.local:3000/daviestechlabs
|
|
REGISTRY_HOST: gitea-http.gitea.svc.cluster.local:3000
|
|
IMAGE_NAME: gradio-ui
|
|
KUSTOMIZE_NAMESPACE: ai-ml
|
|
|
|
jobs:
|
|
lint:
|
|
name: Lint
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up uv
|
|
run: curl -LsSf https://astral.sh/uv/install.sh | sh && echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Run ruff check
|
|
run: uvx ruff check .
|
|
|
|
- name: Run ruff format check
|
|
run: uvx ruff format --check .
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: [lint]
|
|
if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
|
|
outputs:
|
|
version: ${{ steps.version.outputs.version }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Determine version bump
|
|
id: version
|
|
run: |
|
|
LATEST=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
|
|
VERSION=${LATEST#v}
|
|
IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION"
|
|
|
|
MSG="${{ gitea.event.head_commit.message }}"
|
|
if echo "$MSG" | grep -qiE "^major:|BREAKING CHANGE"; then
|
|
MAJOR=$((MAJOR + 1)); MINOR=0; PATCH=0
|
|
BUMP="major"
|
|
elif echo "$MSG" | grep -qiE "^(minor:|feat:)"; then
|
|
MINOR=$((MINOR + 1)); PATCH=0
|
|
BUMP="minor"
|
|
else
|
|
PATCH=$((PATCH + 1))
|
|
BUMP="patch"
|
|
fi
|
|
|
|
NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}"
|
|
echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT
|
|
echo "bump=$BUMP" >> $GITHUB_OUTPUT
|
|
echo "Bumping $LATEST → $NEW_VERSION ($BUMP)"
|
|
|
|
- name: Create and push tag
|
|
run: |
|
|
git config user.name "gitea-actions[bot]"
|
|
git config user.email "actions@git.daviestechlabs.io"
|
|
git tag -a ${{ steps.version.outputs.version }} -m "Release ${{ steps.version.outputs.version }}"
|
|
git push origin ${{ steps.version.outputs.version }}
|
|
|
|
docker:
|
|
name: Docker Build & Push
|
|
runs-on: ubuntu-latest
|
|
needs: [lint, release]
|
|
if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
buildkitd-config-inline: |
|
|
[registry."gitea-http.gitea.svc.cluster.local:3000"]
|
|
http = true
|
|
insecure = true
|
|
|
|
- name: Configure Docker for insecure registry
|
|
run: |
|
|
sudo mkdir -p /etc/docker
|
|
echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
|
|
sudo systemctl restart docker || sudo service docker restart || true
|
|
sleep 2
|
|
|
|
- name: Login to Docker Hub
|
|
if: vars.DOCKERHUB_USERNAME != ''
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Login to Gitea Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY_HOST }}
|
|
username: ${{ secrets.REGISTRY_USER }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
- name: Extract metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
tags: |
|
|
type=semver,pattern={{version}},value=${{ needs.release.outputs.version }}
|
|
type=semver,pattern={{major}}.{{minor}},value=${{ needs.release.outputs.version }}
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
deploy:
|
|
name: Deploy to Kubernetes
|
|
runs-on: ubuntu-latest
|
|
needs: [docker, release]
|
|
if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
|
|
container:
|
|
image: catthehacker/ubuntu:act-latest
|
|
volumes:
|
|
- /secrets/kubeconfig:/secrets/kubeconfig
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install kubectl
|
|
run: |
|
|
curl -LO "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
|
chmod +x kubectl && sudo mv kubectl /usr/local/bin/
|
|
|
|
- name: Update image tag in manifests
|
|
env:
|
|
KUBECONFIG: /secrets/kubeconfig/config
|
|
run: |
|
|
VERSION="${{ needs.release.outputs.version }}"
|
|
VERSION="${VERSION#v}"
|
|
for DEPLOY in llm embeddings stt tts; do
|
|
sed -i "s|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:.*|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION}|" "${DEPLOY}.yaml"
|
|
done
|
|
|
|
- name: Apply kustomization
|
|
env:
|
|
KUBECONFIG: /secrets/kubeconfig/config
|
|
run: |
|
|
kubectl apply -k . --namespace ${{ env.KUSTOMIZE_NAMESPACE }}
|
|
|
|
- name: Rollout restart deployments
|
|
env:
|
|
KUBECONFIG: /secrets/kubeconfig/config
|
|
run: |
|
|
for DEPLOY in llm-ui embeddings-ui stt-ui tts-ui; do
|
|
kubectl rollout restart deployment/${DEPLOY} -n ${{ env.KUSTOMIZE_NAMESPACE }} 2>/dev/null || true
|
|
done
|
|
|
|
- name: Wait for rollout
|
|
env:
|
|
KUBECONFIG: /secrets/kubeconfig/config
|
|
run: |
|
|
for DEPLOY in llm-ui embeddings-ui stt-ui tts-ui; do
|
|
kubectl rollout status deployment/${DEPLOY} -n ${{ env.KUSTOMIZE_NAMESPACE }} --timeout=120s 2>/dev/null || true
|
|
done
|
|
|
|
notify:
|
|
name: Notify
|
|
runs-on: ubuntu-latest
|
|
needs: [lint, release, docker, deploy]
|
|
if: always()
|
|
steps:
|
|
- name: Notify on success
|
|
if: needs.lint.result == 'success' && needs.docker.result == 'success'
|
|
run: |
|
|
curl -s \
|
|
-H "Title: ✅ CI Passed: ${{ gitea.repository }}" \
|
|
-H "Priority: default" \
|
|
-H "Tags: white_check_mark,github" \
|
|
-H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \
|
|
-d "Branch: ${{ gitea.ref_name }}
|
|
Commit: ${{ gitea.event.head_commit.message || gitea.sha }}
|
|
Release: ${{ needs.release.result == 'success' && needs.release.outputs.version || 'skipped' }}
|
|
Docker: ${{ needs.docker.result }}
|
|
Deploy: ${{ needs.deploy.result }}" \
|
|
${{ env.NTFY_URL }}/gitea-ci
|
|
|
|
- name: Notify on deploy success
|
|
if: needs.deploy.result == 'success'
|
|
run: |
|
|
curl -s \
|
|
-H "Title: 🚀 Deployed: ${{ gitea.repository }}" \
|
|
-H "Priority: default" \
|
|
-H "Tags: rocket,kubernetes" \
|
|
-H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \
|
|
-d "Version: ${{ needs.release.outputs.version }}
|
|
Namespace: ${{ env.KUSTOMIZE_NAMESPACE }}
|
|
Apps: llm-ui, embeddings-ui, stt-ui, tts-ui" \
|
|
${{ env.NTFY_URL }}/gitea-ci
|
|
|
|
- name: Notify on failure
|
|
if: needs.lint.result == 'failure' || needs.docker.result == 'failure' || needs.deploy.result == 'failure'
|
|
run: |
|
|
curl -s \
|
|
-H "Title: ❌ CI Failed: ${{ gitea.repository }}" \
|
|
-H "Priority: high" \
|
|
-H "Tags: x,github" \
|
|
-H "Click: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" \
|
|
-d "Branch: ${{ gitea.ref_name }}
|
|
Commit: ${{ gitea.event.head_commit.message || gitea.sha }}
|
|
Lint: ${{ needs.lint.result }}
|
|
Docker: ${{ needs.docker.result }}
|
|
Deploy: ${{ needs.deploy.result }}" \
|
|
${{ env.NTFY_URL }}/gitea-ci
|