michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: replace GitHub Actions with native shell commands in workflow

Browse Source 
- Remove all GitHub Actions dependencies (checkout, setup-php, cache, buildx, build-push)
- Replace with native shell commands (git clone, apt-get, docker buildx)
- Eliminate dependency on GitHub for action downloads
- Improve stability and reduce timeout issues
- All functionality preserved, now using direct commands only
This commit is contained in:
Michael Schiemer
2025-10-31 03:31:20 +01:00
parent ba9d9bb882
commit b99765320e
1 changed files with 146 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
.gitea/workflows/production-deploy.yml
View File

@@ -29,33 +29,76 @@ jobs:
if: ${{ !inputs.skip_tests }} if: ${{ !inputs.skip_tests }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 run: |
REF_NAME="${{ github.ref_name }}"
REPO="${{ github.repository }}"
if [ -z "$REF_NAME" ]; then
REF_NAME="main"
fi
# Try HTTPS first, fallback to SSH
git clone --depth 1 --branch "$REF_NAME" \
"https://git.michaelschiemer.de/${REPO}.git" \
/workspace/repo || \
git clone --depth 1 --branch "$REF_NAME" \
"git@git.michaelschiemer.de:${REPO}.git" \
/workspace/repo || \
git clone --depth 1 \
"https://git.michaelschiemer.de/${REPO}.git" \
/workspace/repo
cd /workspace/repo
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 run: |
with: # Install PHP 8.3 and extensions
php-version: '8.3' apt-get update
extensions: mbstring, xml, pdo, pdo_mysql, zip, gd, intl, sodium, bcmath, redis apt-get install -y \
coverage: none php8.3 \
php8.3-cli \
php8.3-mbstring \
php8.3-xml \
php8.3-pdo \
php8.3-pdo-mysql \
php8.3-zip \
php8.3-gd \
php8.3-intl \
php8.3-sodium \
php8.3-bcmath \
php8.3-redis \
composer
- name: Cache Composer dependencies - name: Cache Composer dependencies (simple)
uses: actions/cache@v3 run: |
with: if [ -d "/tmp/composer-cache/vendor" ]; then
path: vendor echo "📦 Restoring cached dependencies..."
key: composer-${{ hashFiles('composer.lock') }} cp -r /tmp/composer-cache/vendor /workspace/repo/vendor || true
restore-keys: composer- fi
- name: Install dependencies - name: Install dependencies
run: composer install --no-interaction --prefer-dist --optimize-autoloader run: |
cd /workspace/repo
composer install --no-interaction --prefer-dist --optimize-autoloader
- name: Save Composer cache
run: |
mkdir -p /tmp/composer-cache
cp -r /workspace/repo/vendor /tmp/composer-cache/vendor || true
- name: Run Pest tests - name: Run Pest tests
run: ./vendor/bin/pest --colors=always run: |
cd /workspace/repo
./vendor/bin/pest --colors=always
- name: Run PHPStan - name: Run PHPStan
run: make phpstan run: |
cd /workspace/repo
make phpstan
- name: Code style check - name: Code style check
run: composer cs run: |
cd /workspace/repo
composer cs
# Job 2: Build & Push Docker Image # Job 2: Build & Push Docker Image
build: build:
@@ -65,46 +108,85 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
image_tag: ${{ steps.meta.outputs.tag }} image_tag: ${{ steps.meta.outputs.tag }}
commit_sha: ${{ github.sha }} commit_sha: ${{ steps.meta.outputs.commit_sha }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 run: |
REF_NAME="${{ github.ref_name }}"
REPO="${{ github.repository }}"
if [ -z "$REF_NAME" ]; then
REF_NAME="main"
fi
# Try HTTPS first, fallback to SSH
git clone --depth 1 --branch "$REF_NAME" \
"https://git.michaelschiemer.de/${REPO}.git" \
/workspace/repo || \
git clone --depth 1 --branch "$REF_NAME" \
"git@git.michaelschiemer.de:${REPO}.git" \
/workspace/repo || \
git clone --depth 1 \
"https://git.michaelschiemer.de/${REPO}.git" \
/workspace/repo
cd /workspace/repo
- name: Setup Docker Buildx - name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3 run: |
docker buildx create --name builder --use || docker buildx use builder
docker buildx inspect --bootstrap
- name: Generate image metadata - name: Generate image metadata
id: meta id: meta
run: | run: |
SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) cd /workspace/repo
# Gitea Actions supports github.sha for compatibility
COMMIT_SHA="${{ github.sha }}"
if [ -z "$COMMIT_SHA" ]; then
COMMIT_SHA=$(git rev-parse HEAD)
fi
SHORT_SHA=$(echo "$COMMIT_SHA" | cut -c1-7)
TAG="${SHORT_SHA}-$(date +%s)" TAG="${SHORT_SHA}-$(date +%s)"
echo "tag=${TAG}" >> $GITHUB_OUTPUT echo "tag=${TAG}" >> $GITHUB_OUTPUT
echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
echo "commit_sha=${COMMIT_SHA}" >> $GITHUB_OUTPUT
echo "Generated tag: ${TAG}"
- name: Login to Registry - name: Login to Registry
run: | run: |
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v5 run: |
with: cd /workspace/repo
context: . COMMIT_SHA="${{ github.sha }}"
file: ./Dockerfile.production if [ -z "$COMMIT_SHA" ]; then
push: true COMMIT_SHA=$(git rev-parse HEAD)
tags: | fi
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest REF_NAME="${{ github.ref_name }}"
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tag }} if [ -z "$REF_NAME" ]; then
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:git-${{ steps.meta.outputs.short_sha }} REF_NAME=$(git rev-parse --abbrev-ref HEAD)
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache fi
cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max SHORT_SHA=$(echo "$COMMIT_SHA" | cut -c1-7)
build-args: | TAG="${SHORT_SHA}-$(date +%s)"
BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
GIT_COMMIT=${{ github.sha }} # Build with cache
GIT_BRANCH=${{ github.ref_name }} docker buildx build \
--platform linux/amd64 \
--file ./Dockerfile.production \
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} \
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:git-${SHORT_SHA} \
--cache-from type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache \
--cache-to type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max \
--build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
--build-arg GIT_COMMIT=${COMMIT_SHA} \
--build-arg GIT_BRANCH=${REF_NAME} \
--push \
.
- name: Image scan for vulnerabilities - name: Image scan for vulnerabilities
run: | run: |
# Optional: Add Trivy or similar vulnerability scanning
echo "✅ Image built successfully: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tag }}" echo "✅ Image built successfully: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tag }}"
# Job 3: Deploy to Production # Job 3: Deploy to Production
@@ -117,11 +199,29 @@ jobs:
url: https://michaelschiemer.de url: https://michaelschiemer.de
steps: steps:
- name: Checkout deployment scripts - name: Checkout deployment scripts
uses: actions/checkout@v4 run: |
with: REF_NAME="${GITEA_REF_NAME:-main}"
sparse-checkout: | REPO="${GITEA_REPOSITORY}"
deployment/ansible SERVER_URL="${GITEA_SERVER_URL}"
sparse-checkout-cone-mode: false
# Try HTTPS first, fallback to SSH
if [ -n "$REPO" ] && [ -n "$SERVER_URL" ]; then
git clone --depth 1 --branch "$REF_NAME" \
"https://${SERVER_URL}/${REPO}.git" \
/workspace/repo || true
fi
# Fallback to SSH if HTTPS failed
if [ ! -d /workspace/repo ]; then
git clone --depth 1 --branch "$REF_NAME" \
"git@git.michaelschiemer.de:${REPO}.git" \
/workspace/repo || \
git clone --depth 1 \
"https://git.michaelschiemer.de/${REPO}.git" \
/workspace/repo
fi
cd /workspace/repo
- name: Setup SSH key - name: Setup SSH key
run: | run: |
@@ -132,12 +232,12 @@ jobs:
- name: Install Ansible - name: Install Ansible
run: | run: |
sudo apt-get update apt-get update
sudo apt-get install -y ansible apt-get install -y ansible
- name: Deploy via Ansible - name: Deploy via Ansible
run: | run: |
cd deployment/ansible cd /workspace/repo/deployment/ansible
ansible-playbook -i inventory/production.yml \ ansible-playbook -i inventory/production.yml \
playbooks/deploy-update.yml \ playbooks/deploy-update.yml \
-e "image_tag=${{ needs.build.outputs.image_tag }}" \ -e "image_tag=${{ needs.build.outputs.image_tag }}" \
@@ -166,7 +266,7 @@ jobs:
- name: Rollback on failure - name: Rollback on failure
if: failure() && steps.health.outcome == 'failure' if: failure() && steps.health.outcome == 'failure'
run: | run: |
cd deployment/ansible cd /workspace/repo/deployment/ansible
ansible-playbook -i inventory/production.yml \ ansible-playbook -i inventory/production.yml \
playbooks/rollback.yml playbooks/rollback.yml