Joakim Helleśen
d51ca2cced
All checks were successful
Test and build Docker image / docker (push) Successful in 1m39s
100 lines
3.6 KiB
YAML
100 lines
3.6 KiB
YAML
---
|
|
# Required setup for self-hosted runner:
|
|
# 1. Install dependencies:
|
|
# sudo pacman -S qemu-user-static qemu-user-static-binfmt docker docker-buildx
|
|
# 2. Add runner to docker group:
|
|
# sudo usermod -aG docker forgejo-runner
|
|
# 3. Restart runner service to apply group membership:
|
|
# sudo systemctl restart forgejo-runner
|
|
# 4. Install uv and ruff for the runner user
|
|
# 5. Login to GitHub Container Registry:
|
|
# echo "ghp_YOUR_TOKEN_HERE" | sudo -u forgejo-runner docker login ghcr.io -u TheLovinator1 --password-stdin
|
|
# 6. Configure sudoers for deployment (sudo EDITOR=nvim visudo):
|
|
# forgejo-runner ALL=(discord-rss) NOPASSWD: /usr/bin/git -C /home/discord-rss/discord-rss-bot pull
|
|
# forgejo-runner ALL=(discord-rss) NOPASSWD: /usr/bin/uv sync -U --directory /home/discord-rss/discord-rss-bot
|
|
# forgejo-runner ALL=(root) NOPASSWD: /bin/systemctl restart discord-rss-bot
|
|
|
|
name: Test and build Docker image
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: "0 0 1 * *"
|
|
|
|
jobs:
|
|
docker:
|
|
runs-on: self-hosted
|
|
steps:
|
|
# Download the latest commit from the master branch
|
|
- uses: actions/checkout@v6
|
|
|
|
# Verify local tools are available on the self-hosted runner
|
|
- name: Check local toolchain
|
|
run: |
|
|
python --version
|
|
uv --version
|
|
ruff --version
|
|
docker version
|
|
|
|
# Bootstrap a local Buildx builder for multi-arch builds
|
|
# (requires qemu-user-static and qemu-user-static-binfmt installed via pacman)
|
|
- name: Configure local buildx for multi-arch
|
|
run: |
|
|
docker buildx inspect local-multiarch-builder >/dev/null 2>&1 || \
|
|
docker buildx create --name local-multiarch-builder --driver docker-container
|
|
docker buildx use local-multiarch-builder
|
|
docker buildx inspect --bootstrap
|
|
|
|
- name: Lint Python code
|
|
run: ruff check --exit-non-zero-on-fix --verbose
|
|
|
|
- name: Check Python formatting
|
|
run: ruff format --check --verbose
|
|
|
|
- name: Lint Dockerfile
|
|
run: docker build --check .
|
|
|
|
- name: Install dependencies
|
|
run: uv sync --all-extras --all-groups
|
|
|
|
- name: Run tests
|
|
run: uv run pytest
|
|
|
|
- id: tags
|
|
name: Compute image tags
|
|
run: |
|
|
IMAGE="ghcr.io/thelovinator1/discord-rss-bot"
|
|
if [ "${FORGEJO_REF}" = "refs/heads/master" ]; then
|
|
echo "tags=${IMAGE}:latest,${IMAGE}:master" >> "$FORGEJO_OUTPUT"
|
|
else
|
|
SHORT_SHA="$(echo "$FORGEJO_SHA" | cut -c1-12)"
|
|
echo "tags=${IMAGE}:sha-${SHORT_SHA}" >> "$FORGEJO_OUTPUT"
|
|
fi
|
|
|
|
# Build (and optionally push) Docker image
|
|
- name: Build and push Docker image
|
|
env:
|
|
TAGS: ${{ steps.tags.outputs.tags }}
|
|
run: |
|
|
IFS=',' read -r -a tag_array <<< "$TAGS"
|
|
tag_args=()
|
|
for tag in "${tag_array[@]}"; do
|
|
tag_args+=( -t "$tag" )
|
|
done
|
|
|
|
if [ "${{ forge.event_name }}" = "pull_request" ]; then
|
|
docker buildx build --platform linux/amd64,linux/arm64 "${tag_args[@]}" --load .
|
|
else
|
|
docker buildx build --platform linux/amd64,linux/arm64 "${tag_args[@]}" --push .
|
|
fi
|
|
|
|
# Deploy to production server
|
|
- name: Deploy to Server
|
|
if: success() && forge.ref == 'refs/heads/master'
|
|
run: |
|
|
sudo -u discord-rss git -C /home/discord-rss/discord-rss-bot pull
|
|
sudo -u discord-rss uv sync -U --directory /home/discord-rss/discord-rss-bot
|
|
sudo systemctl restart discord-rss-bot
|