ci: add Gitea Actions workflows

2026-04-25 18:20:14 +02:00
parent b9654d7a7c
commit 709588302c
2 changed files with 195 additions and 0 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,94 @@
+name: Deploy to GitOps
+
+# Manually triggered. Bumps the image tag in pieced-gitops so ArgoCD rolls
+# the new version out. Does not build anything itself — the build workflow
+# is the only thing that creates and pushes images.
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to deploy (e.g. 0.1.5). Must already exist in the registry.'
+        required: true
+        type: string
+
+env:
+  REGISTRY: registry.c5ai.ch
+  IMAGE: pieced/pieced-portal
+  GITOPS_REPO: admin/pieced-gitops
+  GITOPS_FILE: apps/portal/deployment.yaml
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Verify image exists in registry
+        # Fail fast if the user typed a version that was never built. Catches
+        # typos before we touch the gitops repo.
+        run: |
+          set -euo pipefail
+          status=$(curl -sf -o /dev/null -w '%{http_code}' \
+            -u "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" \
+            "https://${REGISTRY}/v2/${IMAGE}/manifests/${{ inputs.version }}" \
+            || true)
+          if [ "$status" != "200" ]; then
+            echo "::error::Image ${REGISTRY}/${IMAGE}:${{ inputs.version }} not found (HTTP $status)"
+            exit 1
+          fi
+          echo "Confirmed: ${REGISTRY}/${IMAGE}:${{ inputs.version }} exists."
+
+      - name: Checkout pieced-gitops
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ env.GITOPS_REPO }}
+          token: ${{ secrets.CI_TOKEN }}
+          path: gitops
+          # We need history to commit + push back; default fetch-depth: 1 is fine
+          # for a single commit but force a clean shallow clone:
+          fetch-depth: 1
+
+      - name: Update image tag
+        working-directory: gitops
+        env:
+          VERSION: ${{ inputs.version }}
+        run: |
+          set -euo pipefail
+          file="${GITOPS_FILE}"
+          if [ ! -f "$file" ]; then
+            echo "::error::$file not found in gitops repo"
+            exit 1
+          fi
+          # Anchored to the full image path to avoid accidentally rewriting
+          # any unrelated 'image:' line that might appear later.
+          sed -i -E \
+            "s|(image: ${REGISTRY}/${IMAGE}:)[^[:space:]]+|\1${VERSION}|" \
+            "$file"
+          echo "--- diff ---"
+          git --no-pager diff "$file" || true
+
+      - name: Commit and push
+        working-directory: gitops
+        env:
+          VERSION: ${{ inputs.version }}
+        run: |
+          set -euo pipefail
+          if git diff --quiet; then
+            echo "No changes — image tag was already ${VERSION}."
+            exit 0
+          fi
+          git config user.name "pieced-ci"
+          git config user.email "ci@pieced.ch"
+          git add "${GITOPS_FILE}"
+          git commit -m "Bump pieced-portal to ${VERSION}"
+          git push
+
+      - name: Summary
+        env:
+          VERSION: ${{ inputs.version }}
+        run: |
+          {
+            echo "## Deployed: pieced-portal ${VERSION}"
+            echo
+            echo "ArgoCD will sync within its refresh interval."
+            echo "Watch with: \`kubectl get app -n argocd portal -w\`"
+          } >> "$GITHUB_STEP_SUMMARY"