customer-riverside/.gitea/workflows/ci.yml
Philip Peterson dee9a48b4a fix digest
2026-06-14 02:23:35 -07:00

89 lines
3.1 KiB
YAML

name: CI
on:
push:
branches: [main]
env:
REGISTRY: forge.quinefoundation.com
IMAGE: forge.quinefoundation.com/ironmagma/customer-riverside
jobs:
build:
runs-on: ubuntu-latest
container:
image: quay.io/podman/stable
options: --privileged
env:
STORAGE_DRIVER: vfs
outputs:
image_digest: ${{ steps.push.outputs.digest }}
steps:
- name: Install git
run: dnf install -y --quiet git-core
- name: Checkout
run: |
git clone --depth=1 \
"https://x-access-token:${{ secrets.GITHUB_TOKEN }}@${{ env.REGISTRY }}/${{ github.repository }}.git" \
.
git checkout "${{ github.sha }}"
- name: Log in to registry
env:
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
run: echo "$REGISTRY_PASSWORD" | podman login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
- name: Build and push
id: push
env:
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
run: |
podman build --layers=false -t "$IMAGE:${{ github.sha }}" .
podman push "$IMAGE:${{ github.sha }}"
DIGEST=$(curl -sf \
-u "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}" \
-H "Accept: application/vnd.oci.image.manifest.v1+json" \
-I \
"https://${{ env.REGISTRY }}/v2/ironmagma/customer-riverside/manifests/${{ github.sha }}" \
| grep -i 'docker-content-digest:' | grep -oE '[a-f0-9]{64}')
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
bump-infra:
needs: build
runs-on: ubuntu-latest
steps:
- name: Bump riverside in infra repo
env:
FORGE_TOKEN: ${{ secrets.INFRA_TOKEN }}
FORGE_USER: ${{ secrets.REGISTRY_USERNAME }}
SHA: ${{ github.sha }}
IMAGE_DIGEST: ${{ needs.build.outputs.image_digest }}
run: |
git clone "https://${FORGE_USER}:${FORGE_TOKEN}@forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra.git" infra
cd infra
BRANCH="bump-riverside-${SHA:0:7}"
git checkout -b "$BRANCH"
sed -i -E "s|(riverside@sha256:)[0-9a-f]{64}|\1${IMAGE_DIGEST}|" \
nixos/arion-riverside/arion-compose.nix
git config user.email "ci@quinefoundation.com"
git config user.name "CI"
git add nixos/arion-riverside/arion-compose.nix
git commit -m "bump riverside to ${SHA:0:7}"
git push origin "$BRANCH"
curl -sf -X POST \
-H "Authorization: token $FORGE_TOKEN" \
-H "Content-Type: application/json" \
"https://forge.quinefoundation.com/api/v1/repos/Cold-Air-Networks/petersweb-infra/pulls" \
-d "{
\"title\": \"bump riverside to ${SHA:0:7}\",
\"head\": \"$BRANCH\",
\"base\": \"main\",
\"body\": \"Automated bump from Cold-Air-Networks/customer-riverside@$SHA\"
}"