michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): improve image selection and registry handling in deployment workflow

Browse Source 
- Add better image selection logic with fallback handling
- Support multiple registry logins for different image sources
- Improve error handling and image URL parsing
- Add proper argument escaping for SSH deployment script
This commit is contained in:
Michael Schiemer
2025-11-01 22:16:23 +01:00
parent fa28e3580a
commit 5ec5c41a0a
1 changed files with 83 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
.gitea/workflows/build-image.yml
View File

@@ -830,57 +830,113 @@ jobs:
set -e set -e
DEPLOYMENT_HOST="${{ env.DEPLOYMENT_HOST }}" DEPLOYMENT_HOST="${{ env.DEPLOYMENT_HOST }}"
REGISTRY="${{ env.REGISTRY }}" REGISTRY_HOST="${{ env.REGISTRY }}"
IMAGE_NAME="${{ env.IMAGE_NAME }}" IMAGE_NAME="${{ env.IMAGE_NAME }}"
BUILD_RESULT="${{ needs.build.result }}" BUILD_RESULT="${{ needs.build.result }}"
IMAGE_TAG="${{ needs.build.outputs.image_tag || 'latest' }}" IMAGE_TAG_RAW="${{ needs.build.outputs.image_tag }}"
IMAGE_URL_RAW="${{ needs.build.outputs.image_url }}"
if [ "$BUILD_RESULT" != "success" ]; then DEFAULT_IMAGE="${REGISTRY_HOST}/${IMAGE_NAME}:latest"
IMAGE_TAG="latest" SELECTED_IMAGE=""
if [ "$BUILD_RESULT" = "success" ] && [ -n "$IMAGE_URL_RAW" ] && [ "$IMAGE_URL_RAW" != "null" ]; then
SELECTED_IMAGE="$IMAGE_URL_RAW"
fi fi
if [ -z "$IMAGE_TAG" ] || [ "$IMAGE_TAG" = "null" ]; then if [ -z "$SELECTED_IMAGE" ]; then
IMAGE_TAG="latest" if [ "$BUILD_RESULT" = "success" ] && [ -n "$IMAGE_TAG_RAW" ] && [ "$IMAGE_TAG_RAW" != "null" ]; then
SELECTED_IMAGE="${REGISTRY_HOST}/${IMAGE_NAME}:${IMAGE_TAG_RAW}"
else
SELECTED_IMAGE="$DEFAULT_IMAGE"
fi
fi
if [ -z "$SELECTED_IMAGE" ]; then
SELECTED_IMAGE="$DEFAULT_IMAGE"
fi
SELECTED_TAG="${SELECTED_IMAGE##*:}"
SELECTED_REPO="${SELECTED_IMAGE%:*}"
if [ -z "$SELECTED_REPO" ] || [ "$SELECTED_REPO" = "$SELECTED_IMAGE" ]; then
FALLBACK_IMAGE="$DEFAULT_IMAGE"
else
FALLBACK_IMAGE="${SELECTED_REPO}:latest"
fi fi
FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
STACK_PATH="~/deployment/stacks/staging" STACK_PATH="~/deployment/stacks/staging"
echo "🚀 Starting staging deployment..." echo "🚀 Starting staging deployment..."
echo " Image: ${FULL_IMAGE}" echo " Image: ${SELECTED_IMAGE}"
echo " Tag: ${IMAGE_TAG}" echo " Tag: ${SELECTED_TAG}"
echo " Host: ${DEPLOYMENT_HOST}" echo " Host: ${DEPLOYMENT_HOST}"
echo " Stack: ${STACK_PATH}" echo " Stack: ${STACK_PATH}"
FULL_IMAGE_ARG=$(printf '%q' "$SELECTED_IMAGE")
FALLBACK_IMAGE_ARG=$(printf '%q' "$FALLBACK_IMAGE")
IMAGE_NAME_ARG=$(printf '%q' "$IMAGE_NAME")
STACK_PATH_ARG=$(printf '%q' "$STACK_PATH")
REGISTRY_ARG=$(printf '%q' "$REGISTRY_HOST")
ssh -i ~/.ssh/production \ ssh -i ~/.ssh/production \
-o StrictHostKeyChecking=no \ -o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \ -o UserKnownHostsFile=/dev/null \
deploy@${DEPLOYMENT_HOST} <<EOF deploy@${DEPLOYMENT_HOST} "bash -s -- $FULL_IMAGE_ARG $FALLBACK_IMAGE_ARG $IMAGE_NAME_ARG $STACK_PATH_ARG $REGISTRY_ARG" <<'EOF'
set -e set -e
FULL_IMAGE="$1"
FALLBACK_IMAGE="$2"
IMAGE_NAME="$3"
STACK_PATH="$4"
REGISTRY="$5"
shift 5
STACK_TARGET="${STACK_PATH:-~/deployment/stacks/staging}"
case "$STACK_TARGET" in
~*) STACK_TARGET="${HOME}${STACK_TARGET#~}" ;;
esac
# Ensure staging stack directory exists # Ensure staging stack directory exists
mkdir -p ${STACK_PATH} mkdir -p "${STACK_TARGET}"
cd ${STACK_PATH} cd "${STACK_TARGET}"
echo "🔐 Logging in to Docker registry..." declare -a REGISTRY_TARGETS=()
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${REGISTRY} \ if [ -n "${REGISTRY}" ]; then
-u "${{ secrets.REGISTRY_USER }}" \ REGISTRY_TARGETS+=("${REGISTRY}")
--password-stdin || echo "⚠️ Registry login failed, continuing..." fi
for IMAGE_REF in "${FULL_IMAGE}" "${FALLBACK_IMAGE}"; do
if [ -n "${IMAGE_REF}" ]; then
HOST_PART="${IMAGE_REF%%/*}"
if [ -n "${HOST_PART}" ]; then
if ! printf '%s\n' "${REGISTRY_TARGETS[@]}" | grep -qx "${HOST_PART}"; then
REGISTRY_TARGETS+=("${HOST_PART}")
fi
fi
fi
done
echo "📥 Pulling image ${FULL_IMAGE}..." for TARGET in "${REGISTRY_TARGETS[@]}"; do
if ! docker pull ${FULL_IMAGE}; then [ -z "${TARGET}" ] && continue
if [ "${IMAGE_TAG}" != "latest" ]; then echo "🔐 Logging in to Docker registry ${TARGET}..."
echo "⚠️ Failed to pull ${FULL_IMAGE}, falling back to :latest" echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login "${TARGET}" \
IMAGE_TAG="latest" -u "${{ secrets.REGISTRY_USER }}" \
FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}" --password-stdin || echo "⚠️ Registry login failed for ${TARGET}, continuing..."
if docker pull ${FULL_IMAGE}; then done
echo " Using fallback image ${FULL_IMAGE}"
DEPLOY_IMAGE="$FULL_IMAGE"
echo "📥 Pulling image ${DEPLOY_IMAGE}..."
if ! docker pull "${DEPLOY_IMAGE}"; then
if [ -n "${FALLBACK_IMAGE}" ] && [ "${DEPLOY_IMAGE}" != "${FALLBACK_IMAGE}" ]; then
echo "⚠️ Failed to pull ${DEPLOY_IMAGE}, attempting fallback ${FALLBACK_IMAGE}"
if docker pull "${FALLBACK_IMAGE}"; then
DEPLOY_IMAGE="${FALLBACK_IMAGE}"
echo " Using fallback image ${DEPLOY_IMAGE}"
else else
echo "❌ Failed to pull fallback image ${FULL_IMAGE}" echo "❌ Failed to pull fallback image ${FALLBACK_IMAGE}"
exit 1 exit 1
fi fi
else else
echo "❌ Failed to pull image ${FULL_IMAGE}" echo "❌ Failed to pull image ${DEPLOY_IMAGE}"
exit 1 exit 1
fi fi
fi fi
@@ -896,7 +952,7 @@ jobs:
# Update docker-compose.yml with new image tag # Update docker-compose.yml with new image tag
echo "📝 Updating docker-compose.yml..." echo "📝 Updating docker-compose.yml..."
sed -i "s|image:.*/${IMAGE_NAME}:.*|image: ${FULL_IMAGE}|g" docker-compose.yml sed -i "s|image:.*/${IMAGE_NAME}:.*|image: ${DEPLOY_IMAGE}|g" docker-compose.yml
echo "✅ Updated docker-compose.yml:" echo "✅ Updated docker-compose.yml:"
grep "image:" docker-compose.yml | head -5 grep "image:" docker-compose.yml | head -5