adebaumann/vgui-cicd
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d1c7218fcf6bf1e6cc2d3445b07ce91c68b690b9
vgui-cicd/.gitea/workflows/build-on-demand.yml
Adrian A. Baumann 04fa504bb2
All checks were successful
Build image when workload image tag changes / build-if-image-changed (push) Successful in 28s
Details
Checking runner
2025-11-06 23:47:17 +01:00

206 lines
7.3 KiB
YAML
Raw Blame History

name: Build image when workload image tag changes
on:
push:
# Uncomment/adjust once it's working:
# branches: [ main ]
paths:
- "argocd/deployment.yaml"
- "Dockerfile"
- ".gitea/workflows/build-on-demand.yml"
jobs:
build-if-image-changed:
runs-on: ubuntu-latest
env:
DEPLOY_FILE: "argocd/deployment.yaml"
CONTAINER_NAME: "web" # we only consider this container
EXPECTED_REPO: "git.baumann.gr/adebaumann/vui" # sanity-check the repo
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Determine base commit
id: base
shell: bash
run: |
set -euo pipefail
if git rev-parse --verify -q HEAD~1 >/dev/null; then
echo "base=$(git rev-parse HEAD~1)" >> "$GITHUB_OUTPUT"
else
echo "base=$(git hash-object -t tree /dev/null)" >> "$GITHUB_OUTPUT"
fi
- name: Install yq
shell: bash
run: |
set -euo pipefail
YQ_VER=v4.44.3
curl -sL "https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_amd64" -o /usr/local/bin/yq
chmod +x /usr/local/bin/yq
yq --version
- name: Read workload image from deployment (old vs new)
id: img
shell: bash
run: |
set -euo pipefail
file="${DEPLOY_FILE:-argocd/deployment.yaml}"
cname="${CONTAINER_NAME:-web}"
expected_repo="${EXPECTED_REPO:-git.baumann.gr/adebaumann/vui}"
export cname
export expected_repo
# --- functions ------------------------------------------------------
have_yq() { command -v yq >/dev/null 2>&1; }
# yq-based extractor (multi-doc aware; Deployment only; container name match)
yq_extract() {
yq -r '
select(.kind == "Deployment") |
.spec.template.spec.containers // [] |
map(select(.name == env(cname))) |
.[]?.image
' "$1" 2>/dev/null | tail -n 1
}
# ultra-tolerant fallback: grep around containers: block and pick name==web image
# (still ignores initContainers by staying within the "containers:" block)
fallback_extract() {
# print the containers block, then associate names with images
awk -v cname="$cname" '
BEGIN{ in_cont=0; name=""; image="" }
/^containers:/ {in_cont=1; next}
in_cont {
# end of containers block when dedented to less than two spaces or new top-level key
if ($0 ~ /^[[:alpha:]][[:alnum:]_:-]*:/ || $0 ~ /^ *initContainers:/) { in_cont=0 }
# capture name and image lines
if ($0 ~ /^[[:space:]]*-?[[:space:]]*name:[[:space:]]*/) {
name=$0; sub(/^.*name:[[:space:]]*/,"",name); gsub(/^[ "\047]+|[ "\047]+$/,"",name)
}
if ($0 ~ /^[[:space:]]*image:[[:space:]]*/) {
image=$0; sub(/^.*image:[[:space:]]*/,"",image); gsub(/^[ "\047]+|[ "\047]+$/,"",image)
if (name==cname) { print image; exit }
}
}
' "$1"
}
list_workload_images() {
echo "== workload containers in $1 ==" >&2
if have_yq; then
yq -r '
select(.kind == "Deployment") |
.spec.template.spec.containers // [] |
.[] | "\(.name): \(.image)"
' "$1" 2>/dev/null | nl -ba >&2 || true
else
# coarse list for visibility
awk '
/^ *containers:/, /^[^ ]/ { if ($0 ~ /name:|image:/) print }
' "$1" | nl -ba >&2 || true
fi
}
# --------------------------------------------------------------------
# Ensure yq is present; if install failed earlier, try once more
if ! have_yq; then
echo "yq missing; attempting quick install..." >&2
curl -fsSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq || true
chmod +x /usr/local/bin/yq || true
fi
# Prepare old file (previous commit) if exists
if git cat-file -e "${{ steps.base.outputs.base }}":"$file" 2>/dev/null; then
git show "${{ steps.base.outputs.base }}:$file" > /tmp/old.yaml
else
: > /tmp/old.yaml
fi
list_workload_images /tmp/old.yaml || true
list_workload_images "$file" || true
if have_yq; then
old_image="$(yq_extract /tmp/old.yaml || true)"
new_image="$(yq_extract "$file" || true)"
else
old_image="$(fallback_extract /tmp/old.yaml || true)"
new_image="$(fallback_extract "$file" || true)"
fi
# If yq path failed to find it, try fallback once more as safety
if [ -z "${new_image:-}" ]; then
new_image="$(fallback_extract "$file" || true)"
fi
if [ -z "${old_image:-}" ]; then
old_image="$(fallback_extract /tmp/old.yaml || true)"
fi
echo "Old workload image: ${old_image:-<none>}"
echo "New workload image: ${new_image:-<none>}"
if [ -z "${new_image:-}" ]; then
echo "ERROR: Could not find containers[].name == \"$cname\" image in $file"
exit 1
fi
# Split repo and tag
new_repo="${new_image%:*}"
new_tag="${new_image##*:}"
if [[ "$new_repo" != "$expected_repo" ]]; then
echo "ERROR: Found container \"$cname\" image repo is \"$new_repo\" but expected \"$expected_repo\""
exit 1
fi
if [ -n "${old_image:-}" ]; then
old_tag="${old_image##*:}"
else
old_tag=""
fi
registry="$(echo "$new_repo" | awk -F/ '{print $1}')"
{
echo "changed=$([ "$old_tag" != "$new_tag" ] && echo true || echo false)"
echo "new_image=$new_image"
echo "new_repo=$new_repo"
echo "new_tag=$new_tag"
echo "registry=$registry"
} >> "$GITHUB_OUTPUT"
- name: Skip if tag unchanged
if: steps.img.outputs.changed != 'true'
run: echo "Workload image tag unchanged; skipping build."
- name: Set up Buildx
if: steps.img.outputs.changed == 'true'
uses: docker/setup-buildx-action@v3
- name: Log in to registry
if: steps.img.outputs.changed == 'true'
uses: docker/login-action@v3
with:
registry: ${{ steps.img.outputs.registry }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Build and push (exact tag from deployment)
if: steps.img.outputs.changed == 'true'
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
${{ steps.img.outputs.new_image }}
${{ steps.img.outputs.new_repo }}:latest
labels: |
org.opencontainers.image.source=${{ gitea.repository }}
org.opencontainers.image.revision=${{ gitea.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
Reference in New Issue View Git Blame Copy Permalink