From 2856b170ad9406f4013104e725f685ca9eb6f68c Mon Sep 17 00:00:00 2001
From: Tien Ngo
Date: Mon, 9 Feb 2026 14:07:31 +0700
Subject: [PATCH] v2
---
.gitea/workflows/deploy-compose.reusable.yml | 92 ---------
.gitea/workflows/deploy-direct.example.yml | 28 ---
.../deploy-uses-reusable.example.yml | 19 --
.gitea/workflows/harbor-build-deploy.yml | 4 +-
.../harbor-build-push-deploy.example.yml | 32 ---
.../harbor-build-push-deploy.reusable.yml | 190 ------------------
6 files changed, 2 insertions(+), 363 deletions(-)
delete mode 100644 .gitea/workflows/deploy-compose.reusable.yml
delete mode 100644 .gitea/workflows/deploy-direct.example.yml
delete mode 100644 .gitea/workflows/deploy-uses-reusable.example.yml
delete mode 100644 .gitea/workflows/harbor-build-push-deploy.example.yml
delete mode 100644 .gitea/workflows/harbor-build-push-deploy.reusable.yml
diff --git a/.gitea/workflows/deploy-compose.reusable.yml b/.gitea/workflows/deploy-compose.reusable.yml
deleted file mode 100644
index e6499c8..0000000
--- a/.gitea/workflows/deploy-compose.reusable.yml
+++ /dev/null
@@ -1,92 +0,0 @@ -name: Deploy (Compose) - -"on": - workflow_call: - inputs: - runner: - description: "Single runner label (example: ubuntu-latest or self-hosted)" - required: true - type: string - runner_json: - description: "Optional JSON array of runner labels (example: [\"self-hosted\",\"prod\"]). If set, overrides runner." - required: false - type: string - default: "" - image: - description: Image reference to deploy (registry/repo:tag or @sha256) - required: true - type: string - registry: - description: "Registry host for optional docker login (example: harbor.hcmc.online). If empty, login step is skipped." - required: false - type: string - default: "" - workdir: - description: Directory containing compose files on the target runner - required: false - type: string - default: . - compose_args: - description: Arguments after `docker compose` - required: false - type: string - default: up -d --pull always --remove-orphans - secrets: - REGISTRY_USERNAME: - description: "Optional registry username for docker login (recommended for private registries)" - required: false - REGISTRY_PASSWORD: - description: "Optional registry password/token for docker login (recommended for private registries)" - required: false - -jobs: - deploy: - runs-on: ${{ inputs.runner_json != '' && fromJSON(inputs.runner_json) || inputs.runner }} - env: - REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Docker Login (Optional) - if: inputs.registry != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' - uses: docker/login-action@v3 - with: - registry: ${{ inputs.registry }} - username: ${{ env.REGISTRY_USERNAME }} - password: ${{ env.REGISTRY_PASSWORD }} - - - name: Show target server (Linux/macOS) - if: runner.os != 'Windows' - shell: bash - run: | - echo "Deploying on runner: ${{ inputs.runner }}" - echo "Image: ${{ inputs.image }}" - - - name: 
Show target server (Windows) - if: runner.os == 'Windows' - shell: pwsh - run: | - Write-Output "Deploying on runner: ${{ inputs.runner }}" - Write-Output "Image: ${{ inputs.image }}" - - - name: Compose Up (Linux/macOS) - if: runner.os != 'Windows' - shell: bash - working-directory: ${{ inputs.workdir }} - env: - DOCKER_IMAGE: ${{ inputs.image }} - run: | - set -euo pipefail - docker compose ${{ inputs.compose_args }} - - - name: Compose Up (Windows) - if: runner.os == 'Windows' - shell: pwsh - working-directory: ${{ inputs.workdir }} - env: - DOCKER_IMAGE: ${{ inputs.image }} - run: | - docker compose ${{ inputs.compose_args }} diff --git a/.gitea/workflows/deploy-direct.example.yml b/.gitea/workflows/deploy-direct.example.yml deleted file mode 100644 index 88838fd..0000000 --- a/.gitea/workflows/deploy-direct.example.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Deploy Direct (Example) - -"on": - workflow_dispatch: - inputs: - runner: - description: Runner label (use self-hosted label for real deploy) - required: true - default: ubuntu-latest - image: - description: Image to deploy (registry/repo:tag) - required: true - -jobs: - deploy: - runs-on: ${{ inputs.runner }} - - steps: - # Required for local action usage: `uses: ./.github/actions/...` - - name: Checkout - uses: actions/checkout@v4 - - - name: Compose Up - uses: ./.github/actions/compose-up - with: - image: ${{ inputs.image }} - workdir: . - compose_args: up -d --pull always --remove-orphans diff --git a/.gitea/workflows/deploy-uses-reusable.example.yml b/.gitea/workflows/deploy-uses-reusable.example.yml deleted file mode 100644 index 33a834f..0000000 --- a/.gitea/workflows/deploy-uses-reusable.example.yml +++ /dev/null 
@@ -1,19 +0,0 @@ -name: Deploy Using Reusable (Example) - -"on": - workflow_dispatch: - inputs: - runner: - description: Runner label (single label) - required: true - default: ubuntu-latest - image: - description: Image to deploy - required: true - -jobs: - deploy: - uses: ./.github/workflows/deploy-compose.reusable.yml - with: - runner: ${{ inputs.runner }} - image: ${{ inputs.image }} diff --git a/.gitea/workflows/harbor-build-deploy.yml b/.gitea/workflows/harbor-build-deploy.yml index 0c25935..c86018c 100644 --- a/.gitea/workflows/harbor-build-deploy.yml +++ b/.gitea/workflows/harbor-build-deploy.yml @@ -48,7 +48,7 @@ jobs: # BUILD ONCE (single powerful runner) # ========================================================== build_and_push: - name: 🏗 Build & Push Image + name: Build & Push Image runs-on: devsg-atlantic outputs: @@ -103,7 +103,7 @@ jobs: # DEPLOY MANY (fan-out runners) # ========================================================== deploy: - name: 🚀 Deploy to Fleet + name: Deploy to Fleet needs: build_and_push strategy: diff --git a/.gitea/workflows/harbor-build-push-deploy.example.yml b/.gitea/workflows/harbor-build-push-deploy.example.yml deleted file mode 100644 index 4e02a82..0000000 --- a/.gitea/workflows/harbor-build-push-deploy.example.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: Harbor Build+Push+Deploy (Example) - -"on": - workflow_dispatch: - inputs: - deploy_runner: - description: "Runner label for deploy (use self-hosted label for real deploy)" - required: true - default: self-hosted - tag: - description: "Optional tag (default: sha-)" - required: false - default: "" - -jobs: - deploy: - # Replace with your actual owner/repo and a pinned ref (tag or commit SHA). - # Example: your-org/registry-stack/.github/workflows/harbor-build-push-deploy.reusable.yml@v1 - uses: YOUR_ORG/registry-stack/.github/workflows/harbor-build-push-deploy.reusable.yml@v1 - with: - deploy_runner: ${{ inputs.deploy_runner }} - tag: ${{ inputs.tag }} - # Defaults: - # - harbor_registry: harbor.hcmc.online - # - harbor_project: ci - # - image_repo: - # - compose_workdir: . - secrets: - HARBOR_PUSH_USERNAME: ${{ secrets.HARBOR_PUSH_USERNAME }} - HARBOR_PUSH_PASSWORD: ${{ secrets.HARBOR_PUSH_PASSWORD }} - HARBOR_PULL_USERNAME: ${{ secrets.HARBOR_PULL_USERNAME }} - HARBOR_PULL_PASSWORD: ${{ secrets.HARBOR_PULL_PASSWORD }} diff --git a/.gitea/workflows/harbor-build-push-deploy.reusable.yml b/.gitea/workflows/harbor-build-push-deploy.reusable.yml deleted file mode 100644 index 1570be8..0000000 --- a/.gitea/workflows/harbor-build-push-deploy.reusable.yml +++ /dev/null 
@@ -1,190 +0,0 @@ -name: Harbor Build + Push + Deploy (Compose) - -"on": - workflow_call: - inputs: - # Build inputs - harbor_registry: - description: "Harbor registry hostname (example: harbor.hcmc.online)" - required: false - type: string - default: harbor.hcmc.online - harbor_project: - description: "Harbor project name (default: ci)" - required: false - type: string - default: ci - image_repo: - description: "Optional override for repo name under project (default: GitHub repository name)" - required: false - type: string - default: "" - context: - description: "Docker build context directory" - required: false - type: string - default: . - dockerfile: - description: "Dockerfile path (relative to repository root)" - required: false - type: string - default: Dockerfile - platforms: - description: "Build platforms for buildx (default: linux/amd64)" - required: false - type: string - default: linux/amd64 - tag: - description: "Optional tag to push (default: sha-)" - required: false - type: string - default: "" - - # Deploy inputs - deploy_runner: - description: "Single runner label for deploy (example: self-hosted)" - required: true - type: string - deploy_runner_json: - description: "Optional JSON array of runner labels (example: [\"self-hosted\",\"prod\"]). If set, overrides deploy_runner." - required: false - type: string - default: "" - compose_workdir: - description: "Directory containing compose files on the target runner" - required: false - type: string - default: . 
- compose_args: - description: "Arguments after `docker compose`" - required: false - type: string - default: up -d --pull always --remove-orphans - - secrets: - HARBOR_PUSH_USERNAME: - description: "Harbor robot/user with push rights to harbor_project" - required: true - HARBOR_PUSH_PASSWORD: - description: "Token/password for HARBOR_PUSH_USERNAME" - required: true - HARBOR_PULL_USERNAME: - description: "Harbor robot/user with pull rights to the deployed repositories" - required: true - HARBOR_PULL_PASSWORD: - description: "Token/password for HARBOR_PULL_USERNAME" - required: true - - outputs: - image_repo: - description: "Image repository (no tag/digest), e.g. harbor.hcmc.online/ci/myapp" - value: ${{ jobs.build.outputs.image_repo }} - image_digest: - description: "Content digest, e.g. sha256:..." - value: ${{ jobs.build.outputs.image_digest }} - image_ref: - description: "Immutable image ref, e.g. harbor.hcmc.online/ci/myapp@sha256:..." - value: ${{ jobs.build.outputs.image_ref }} - image_tag: - description: "Tag pushed alongside digest (for humans), e.g. 
sha-abc123" - value: ${{ jobs.build.outputs.image_tag }} - -jobs: - build: - runs-on: ubuntu-latest - outputs: - image_repo: ${{ steps.meta.outputs.image_repo }} - image_digest: ${{ steps.build.outputs.digest }} - image_ref: ${{ steps.meta.outputs.image_repo }}@${{ steps.build.outputs.digest }} - image_tag: ${{ steps.meta.outputs.image_tag }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Buildx - uses: docker/setup-buildx-action@v3 - - - name: Compute Image Repo + Tag - id: meta - shell: bash - run: | - set -euo pipefail - repo_name="${{ inputs.image_repo }}" - if [[ -z "${repo_name}" ]]; then - repo_name="${{ github.event.repository.name }}" - fi - - tag="${{ inputs.tag }}" - if [[ -z "${tag}" ]]; then - short_sha="$(echo "${{ github.sha }}" | cut -c1-12)" - tag="sha-${short_sha}" - fi - - image_repo="${{ inputs.harbor_registry }}/${{ inputs.harbor_project }}/${repo_name}" - - echo "image_repo=${image_repo}" >> "${GITHUB_OUTPUT}" - echo "image_tag=${tag}" >> "${GITHUB_OUTPUT}" - - - name: Docker Login (Harbor Push) - uses: docker/login-action@v3 - with: - registry: ${{ inputs.harbor_registry }} - username: ${{ secrets.HARBOR_PUSH_USERNAME }} - password: ${{ secrets.HARBOR_PUSH_PASSWORD }} - - - name: Build + Push (Harbor) - id: build - uses: docker/build-push-action@v6 - with: - context: ${{ inputs.context }} - file: ${{ inputs.dockerfile }} - platforms: ${{ inputs.platforms }} - push: true - tags: | - ${{ steps.meta.outputs.image_repo }}:${{ steps.meta.outputs.image_tag }} - - deploy: - needs: build - runs-on: ${{ inputs.deploy_runner_json != '' && fromJSON(inputs.deploy_runner_json) || inputs.deploy_runner }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Docker Login (Harbor Pull) - uses: docker/login-action@v3 - with: - registry: ${{ inputs.harbor_registry }} - username: ${{ secrets.HARBOR_PULL_USERNAME }} - password: ${{ secrets.HARBOR_PULL_PASSWORD }} - - - name: Show deploy image - if: runner.os != 'Windows' 
- shell: bash - run: | - echo "Deploying: ${{ needs.build.outputs.image_repo }}@${{ needs.build.outputs.image_digest }}" - - - name: Show deploy image (Windows) - if: runner.os == 'Windows' - shell: pwsh - run: | - Write-Output "Deploying: ${{ needs.build.outputs.image_repo }}@${{ needs.build.outputs.image_digest }}" - - - name: Compose Up (Linux/macOS) - if: runner.os != 'Windows' - shell: bash - working-directory: ${{ inputs.compose_workdir }} - env: - DOCKER_IMAGE: ${{ needs.build.outputs.image_repo }}@${{ needs.build.outputs.image_digest }} - run: | - set -euo pipefail - docker compose ${{ inputs.compose_args }} - - - name: Compose Up (Windows) - if: runner.os == 'Windows' - shell: pwsh - working-directory: ${{ inputs.compose_workdir }} - env: - DOCKER_IMAGE: ${{ needs.build.outputs.image_repo }}@${{ needs.build.outputs.image_digest }} - run: | - docker compose ${{ inputs.compose_args }} -