diff --git a/.gitea/workflows/build_publish-artifact.yml b/.gitea/workflows/build_publish-artifact.yml index 7bfa773..ef6eda6 100644 --- a/.gitea/workflows/build_publish-artifact.yml +++ b/.gitea/workflows/build_publish-artifact.yml @@ -24,8 +24,6 @@ env: GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }} REPO: ${{ github.repository }} -# CONCURRENCY ESTO: Vain yksi ajo kerrallaan per branch. -# Jos uusi commit työnnetään ennen kuin vanha valmistuu, vanha ajo perutaan (cancel-in-progress). concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -33,9 +31,6 @@ concurrency: jobs: check: runs-on: ubuntu-latest - outputs: - artifact_exists: ${{ steps.check.outputs.artifact_exists }} - next_version: ${{ steps.check.outputs.next_version }} steps: - uses: actions/checkout@v4 @@ -45,69 +40,56 @@ jobs: bash scripts/report-status.sh pending "Checking version..." ci-check - name: Check existing artifact and calculate version - id: check run: | - # 1. Luetaan versio ja pakotetaan se muotoon X.Y (katkaistaan mahdollinen .Z pois) RAW_VERSION=$(jq -r '.version' package.json) BASE_VERSION=$(echo "$RAW_VERSION" | cut -d'.' -f1-2) echo "gitea-ci-library - Tunnistettu Major.Minor versio: $BASE_VERSION" - # 2. Haetaan tagit Gitean APIsta TAGS_JSON=$(curl -s -f -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \ "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/tags") - # 3. Etsitään täsmääkö nykyinen commit (SHA) johonkin tagiin TAG=$(echo "$TAGS_JSON" | jq -r 'if type == "array" then .[] | select(.commit.sha == "${{ github.sha }}") | .name else empty end' | head -1) + mkdir -p /tmp/build-ctx + if [ -n "$TAG" ]; then - # Tagi löytyi -> ohitetaan kaikki tuleva - echo "artifact_exists=true" >> "$GITHUB_OUTPUT" - echo "next_version=$TAG" >> "$GITHUB_OUTPUT" + echo "ARTIFACT_EXISTS=true" > /tmp/build-ctx/build.env + echo "NEXT_VERSION=$TAG" >> /tmp/build-ctx/build.env echo "gitea-ci-library - Artefakti löytyi jo tagilla: $TAG." else - # Tagiä ei löytynyt -> lasketaan seuraava vapaa patch-numero - echo "artifact_exists=false" >> "$GITHUB_OUTPUT" + echo "ARTIFACT_EXISTS=false" > /tmp/build-ctx/build.env HIGHEST_PATCH=$(echo "$TAGS_JSON" | jq -r --arg bv "$BASE_VERSION." ' - if type == "array" then - .[ ] | .name | select(startswith($bv)) | sub($bv; "") | tonumber - else empty end' | sort -rn | head -1) - - if [ -z "$HIGHEST_PATCH" ]; then - NEXT_PATCH=0 - else - NEXT_PATCH=$((HIGHEST_PATCH + 1)) - fi + if type == "array" then .[] | .name | select(startswith($bv)) | sub($bv; "") | tonumber else empty end' | sort -rn | head -1) + if [ -z "$HIGHEST_PATCH" ]; then NEXT_PATCH=0; else NEXT_PATCH=$((HIGHEST_PATCH + 1)); fi FULL_VERSION="${BASE_VERSION}.${NEXT_PATCH}" - echo "next_version=$FULL_VERSION" >> "$GITHUB_OUTPUT" + + echo "NEXT_VERSION=$FULL_VERSION" >> /tmp/build-ctx/build.env echo "gitea-ci-library - Uusi vapaa versio: $FULL_VERSION" fi + - name: Upload build env artifact + uses: actions/upload-artifact@v4 + with: + name: build-context + path: /tmp/build-ctx/build.env + - name: Set Gitea status to SUCCESS if: success() - env: - EXISTS: ${{ steps.check.outputs.artifact_exists }} - VERSION: ${{ steps.check.outputs.next_version }} run: | - echo "===== gitea-ci-library - Check existing artifact | success =====" - if [ "${EXISTS}" = "true" ]; then - bash scripts/report-status.sh success "Skip build: version $VERSION exists" ci-check + source /tmp/build-ctx/build.env + if [ "${ARTIFACT_EXISTS}" = "true" ]; then + bash scripts/report-status.sh success "Skip build: version $NEXT_VERSION exists" ci-check else - bash scripts/report-status.sh success "Build version $VERSION required" ci-check + bash scripts/report-status.sh success "Build version $NEXT_VERSION required" ci-check fi - name: Set Gitea status to FAILURE if: failure() - run: | - echo "===== gitea-ci-library - Check existing artifact | fail =====" - bash scripts/report-status.sh failure "Check version FAILED" ci-check + run: bash scripts/report-status.sh failure "Check version FAILED" ci-check - # SINUN REUSABLE WORKFLOW KUTSUSI quality-gate: - needs: [check] - # Ajetaan vain jos check-job totesi, että artefaktia ei ole olemassa - if: needs.check.outputs.artifact_exists == 'false' uses: niko/gitea-ci-library/.gitea/workflows/quality-gate.yml@main secrets: inherit with: @@ -117,74 +99,64 @@ jobs: build: runs-on: ubuntu-latest - # Vaaditaan molemmat edeltävät jobit needs: [check, quality-gate] - - # POMMINVARMA KORJAUS: - # 1. !cancelled() ja !failed() varmistavat, että mikään aiempi job ei kaatunut tai peruttu. - # 2. needs.quality-gate.result == 'success' vaatii, että testiputki todella palautti onnistumisen. - # 3. artifact_exists == 'false' varmistaa, että uusi build tarvitaan. - # if: (!cancelled() && !failed() && needs.quality-gate.result == 'success' && needs.check.outputs.artifact_exists == 'false') - - # KORJATTU POMMINVARMA JA YKSINKERTAINEN EHTO: - # 1. needs.quality-gate.result == 'success' takaa että testit menivät puhtaasti läpi. - # 2. needs.check.outputs.artifact_exists == 'false' varmistaa, että konttia ei ole valmiina. - # Laitetaan kaikki yhdelle riville, koska act_runner usein sekoaa monirivisissä if-ehdoissa. - # if: needs.quality-gate.result == 'success' && needs.check.outputs.artifact_exists == 'false' - - # KORJATTU JA VARMA MUOTO (Ilman kieltämiäsi tai puuttuvia TODO-funktioita): - if: success('quality-gate') && needs.check.outputs.artifact_exists == 'false' - steps: - uses: actions/checkout@v4 + - name: Download build env + uses: actions/download-artifact@v4 + with: + name: build-context + path: /tmp/build-ctx + + - name: Gatekeeper check + id: gatekeeper + run: | + source /tmp/build-ctx/build.env + if [ "${ARTIFACT_EXISTS}" = "true" ]; then + echo "skip=true" >> "$GITHUB_OUTPUT" + else + echo "skip=false" >> "$GITHUB_OUTPUT" + fi + - name: Set Gitea status to PENDING + if: steps.gatekeeper.outputs.skip == 'false' run: | echo "===== gitea-ci-library - Docker Build | begin =====" bash scripts/report-status.sh pending "Building Docker image..." ci-docker-build - name: Build container - id: build - # Tuodaan laskettu versio turvallisesti ympäristömuuttujaksi bashille - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' run: | + source /tmp/build-ctx/build.env NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ) - - # Jos tämä komento epäonnistuu, bash pysähtyy heti ja Gitea siirtyy FAILURE-steppiin docker build \ --label "git.commit=${{ github.sha }}" \ --label "git.commitBy=${{ github.actor }}" \ --label "build.date=${NOW}" \ - -t "minimal:${VERSION}" . + -t "minimal:${NEXT_VERSION}" . - # SUCCESS: Ajetaan vain jos Docker-build onnistui - name: Report status SUCCESS - if: success() - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && success() run: | - echo "===== gitea-ci-library - Docker Build | success =====" - bash scripts/report-status.sh success "Docker build $VERSION OK" ci-docker-build + source /tmp/build-ctx/build.env + bash scripts/report-status.sh success "Docker build $NEXT_VERSION OK" ci-docker-build - # FAILURE: Ajetaan jos Docker-build (tai jokin muu aiempi steppi tässä jobissa) epäonnistui - name: Report status FAILURE - if: failure() - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && failure() run: | - echo "===== gitea-ci-library - Docker Build | fail =====" - bash scripts/report-status.sh failure "Docker build $VERSION FAILED" ci-docker-build + source /tmp/build-ctx/build.env + bash scripts/report-status.sh failure "Docker build $NEXT_VERSION FAILED" ci-docker-build - # Tallennus ja upotus ajetaan vain jos kaikki tähän asti onnistui (implisiittisesti success) - name: Save Docker image - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && success() run: | + source /tmp/build-ctx/build.env mkdir -p /tmp/image - docker save "minimal:${VERSION}" -o /tmp/image/artifact.tar + docker save "minimal:${NEXT_VERSION}" -o /tmp/image/artifact.tar - name: Upload Docker image artifact + if: steps.gatekeeper.outputs.skip == 'false' && success() uses: actions/upload-artifact@v4 with: name: docker-image @@ -192,135 +164,123 @@ jobs: push: runs-on: ubuntu-latest - # Vaaditaan check ja build. needs: [check, build] - # TÄRKEÄÄ: Ajetaan VAIN jos build-job suoritettiin onnistuneesti (eikä sitä skipattu) - if: needs.check.outputs.artifact_exists == 'false' - steps: - uses: actions/checkout@v4 + - name: Download build env + uses: actions/download-artifact@v4 + with: + name: build-context + path: /tmp/build-ctx + + - name: Gatekeeper check + id: gatekeeper + run: | + source /tmp/build-ctx/build.env + if [ "${ARTIFACT_EXISTS}" = "true" ]; then + echo "skip=true" >> "$GITHUB_OUTPUT" + else + echo "skip=false" >> "$GITHUB_OUTPUT" + fi + - name: Load saved Docker image + if: steps.gatekeeper.outputs.skip == 'false' uses: actions/download-artifact@v4 with: name: docker-image path: /tmp/image - name: Set Gitea status to PENDING + if: steps.gatekeeper.outputs.skip == 'false' run: | echo "===== gitea-ci-library - Docker Push | begin =====" bash scripts/report-status.sh pending "Pushing to registry..." ci-docker-push - name: Push to Gitea Packages - id: push - # Tuodaan versio ja tokenit turvallisesti ympäristömuuttujiksi bashille + if: steps.gatekeeper.outputs.skip == 'false' env: - VERSION: ${{ needs.check.outputs.next_version }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | + source /tmp/build-ctx/build.env docker load -i /tmp/image/artifact.tar - - # Haetaan rekisterin osoite Gitean omasta muuttujasta (esim. ://example.com) - # Poistetaan mahdollinen https:// tai http:// alusta sedillä REGISTRY=$(echo "${{ gitea.server_url }}" | sed -e 's|^https://||' -e 's|^http://||') - - IMAGE="$REGISTRY/${{ gitea.repository }}:$VERSION" - - echo "Tagging image: $IMAGE" - docker tag "minimal:$VERSION" "$IMAGE" - - # Kirjaudutaan sisään käyttäen Gitean automaattista ajonaikaista toimijaa (github.actor) + IMAGE="$REGISTRY/${{ gitea.repository }}:${NEXT_VERSION}" + docker tag "minimal:$NEXT_VERSION" "$IMAGE" echo "$GITEA_TOKEN" | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin - - # Työnnetään kontti rekisteriin. Jos tämä epäonnistuu, bash pysähtyy heti. docker push "$IMAGE" - - # Kirjaudutaan ulos turvallisesti docker logout "$REGISTRY" - # SUCCESS: Raportoidaan onnistuminen - name: Report status SUCCESS - if: success() - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && success() run: | - echo "===== gitea-ci-library - Docker Push | success =====" - bash scripts/report-status.sh success "Docker push $VERSION OK" ci-docker-push + source /tmp/build-ctx/build.env + bash scripts/report-status.sh success "Docker push $NEXT_VERSION OK" ci-docker-push - # FAILURE: Raportoidaan epäonnistuminen jos push kaatui - name: Report status FAILURE - if: failure() - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && failure() run: | - echo "===== gitea-ci-library - Docker Push | fail =====" - bash scripts/report-status.sh failure "Docker push $VERSION FAILED" ci-docker-push + source /tmp/build-ctx/build.env + bash scripts/report-status.sh failure "Docker push $NEXT_VERSION FAILED" ci-docker-push tag-commit: runs-on: ubuntu-latest - # Vaaditaan check (version saamiseksi) ja push (varmistetaan että kontti on rekisterissä) needs: [check, push] - # TÄRKEÄÄ: Tämä ajetaan vain, jos uusi kontti todella rakennettiin ja pushattiin. - # Jos artefakti oli jo olemassa, tämäkin skipataan automaattisesti. - if: needs.check.outputs.artifact_exists == 'false' - steps: - uses: actions/checkout@v4 + - name: Download build env + uses: actions/download-artifact@v4 + with: + name: build-context + path: /tmp/build-ctx + + - name: Gatekeeper check + id: gatekeeper + run: | + source /tmp/build-ctx/build.env + if [ "${ARTIFACT_EXISTS}" = "true" ]; then + echo "skip=true" >> "$GITHUB_OUTPUT" + else + echo "skip=false" >> "$GITHUB_OUTPUT" + fi + - name: Set Gitea status to PENDING + if: steps.gatekeeper.outputs.skip == 'false' run: | echo "===== gitea-ci-library - Create Tag | begin =====" bash scripts/report-status.sh pending "Creating tag..." ci-docker-tag - name: Create git tag - id: tag - # Tuodaan kaikki tarvittavat muuttujat Gitean kontekstista suoraan Bashille + if: steps.gatekeeper.outputs.skip == 'false' env: - VERSION: ${{ needs.check.outputs.next_version }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} REPO: ${{ github.repository }} SERVER_URL: ${{ gitea.server_url }} RUN_NUMBER: ${{ github.run_number }} SHA: ${{ github.sha }} run: | - # Tehdään API-kutsu ja napataan HTTP-statuskoodi talteen + source /tmp/build-ctx/build.env HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \ "$SERVER_URL/api/v1/repos/$REPO/tags" \ -H "Authorization: token $GITEA_TOKEN" \ -H "Content-Type: application/json" \ - -d "{ - \"tag_name\": \"$VERSION\", - \"message\": \"Build #$RUN_NUMBER\", - \"target\": \"$SHA\" - }") + -d "{\"tag_name\": \"$NEXT_VERSION\", \"message\": \"Build #$RUN_NUMBER\", \"target\": \"$SHA\"}") - echo "gitea-ci-library - Gitea API palautti statuskoodin: $HTTP_CODE" - - # 201 = Luotu onnistuneesti, 409 = Tagi on jo olemassa (esim. rinnakkainen ajo ehti ensin) if [ "$HTTP_CODE" = "201" ] || [ "$HTTP_CODE" = "409" ]; then - echo "Tag $VERSION OK" - # Tämä asettaa stepin onnistuneeksi (Gitea Actions tulkitsee tämän automaattisesti) exit 0 else - echo "Tagging failed with HTTP $HTTP_CODE" >&2 - # Jos koodi on jotain muuta (esim 401 tai 404), kaadetaan steppi exit 1:llä exit 1 fi - # SUCCESS: Ajetaan vain jos tagitus onnistui (eli API antoi 201 tai 409) - name: Report status SUCCESS - if: success() - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && success() run: | - echo "===== gitea-ci-library - Create Tag | success =====" - bash scripts/report-status.sh success "Tag $VERSION OK" ci-docker-tag + source /tmp/build-ctx/build.env + bash scripts/report-status.sh success "Tag $NEXT_VERSION OK" ci-docker-tag - # FAILURE: Ajetaan jos API-kutsu palautti virheen ja skripti teki 'exit 1' - name: Report status FAILURE - if: failure() - env: - VERSION: ${{ needs.check.outputs.next_version }} + if: steps.gatekeeper.outputs.skip == 'false' && failure() run: | - echo "===== gitea-ci-library - Create Tag | fail =====" - bash scripts/report-status.sh failure "Tag $VERSION FAILED" ci-docker-tag + source /tmp/build-ctx/build.env + bash scripts/report-status.sh failure "Tag $NEXT_VERSION FAILED" ci-docker-tag