CI: Configure Gitea Actions deployment pipeline

2026-05-01 12:35:54 +05:30
parent 83dd086e57
commit 5bdd6d10b9


@@ -0,0 +1,144 @@
name: Velocity-OS Deployment Pipeline
on:
push:
branches:
- master
- main
env:
AWS_REGION: ap-south-1
DOCKER_BUILDKIT: 1
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 20
cache: 'npm'
cache-dependency-path: 'webos/package-lock.json'
- name: Lint WebOS
working-directory: ./webos
run: |
npm ci
npm run type-check
npm run lint
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Lint Core
working-directory: ./core
run: |
pip install ruff mypy
ruff check .
mypy . --ignore-missing-imports
build-and-push:
needs: lint
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
strategy:
matrix:
service: [core, webos, media-engine, agents]
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and Push Docker Image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
SERVICE: ${{ matrix.service }}
IMAGE_TAG: ${{ github.sha }}
run: |
# Build
docker build \
--cache-from $ECR_REGISTRY/velocity-os/$SERVICE:latest \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--label git.sha=${{ github.sha }} \
--label git.ref=${{ github.ref_name }} \
-t $ECR_REGISTRY/velocity-os/$SERVICE:$IMAGE_TAG \
-t $ECR_REGISTRY/velocity-os/$SERVICE:latest \
./$SERVICE
# Push
docker push $ECR_REGISTRY/velocity-os/$SERVICE:$IMAGE_TAG
docker push $ECR_REGISTRY/velocity-os/$SERVICE:latest
sign-images:
needs: build-and-push
runs-on: ubuntu-latest
strategy:
matrix:
service: [core, webos, media-engine, agents]
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Install Cosign
uses: sigstore/cosign-installer@v3.1.1
with:
cosign-release: 'v2.4.0'
- name: Sign Image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
SERVICE: ${{ matrix.service }}
IMAGE_TAG: ${{ github.sha }}
run: |
IMAGE="${ECR_REGISTRY}/velocity-os/${SERVICE}:${IMAGE_TAG}"
DIGEST=$(aws ecr describe-images \
--repository-name velocity-os/${SERVICE} \
--image-ids imageTag=${IMAGE_TAG} \
--region ${AWS_REGION} \
--query 'imageDetails[0].imageDigest' --output text)
cosign sign --yes "${ECR_REGISTRY}/velocity-os/${SERVICE}@${DIGEST}"
notify-ingress:
needs: sign-images
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main'
steps:
- name: Install SSH Client
run: sudo apt-get update && sudo apt-get install -y openssh-client
- name: Notify Ingress Box
env:
INGRESS_SSH_KEY: ${{ secrets.INGRESS_SSH_KEY }}
INGRESS_BOX_IP: ${{ secrets.INGRESS_BOX_IP }}
run: |
echo "$INGRESS_SSH_KEY" > ingress_key.pem
chmod 600 ingress_key.pem
ssh -i ingress_key.pem -o StrictHostKeyChecking=no ubuntu@$INGRESS_BOX_IP "sudo systemctl start velocity-ingress-poll.service"
rm -f ingress_key.pem
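Review bot: The `Notify Ingress Box` step connects with `-o StrictHostKeyChecking=no`, so the runner never verifies the ingress host's key before a login that runs `sudo systemctl`; pin the host key from a secret and use `StrictHostKeyChecking=yes` with a dedicated `UserKnownHostsFile`. The private key is also written to `ingress_key.pem` in the working directory before `chmod 600` is applied, and the trailing `rm -f` is skipped if `ssh` fails (presumably the `run:` shell is fail-fast here), so a `umask 077` temp file with an `EXIT` trap is safer. `INGRESS_KNOWN_HOSTS` in the sketch below is a placeholder secret name, not one the commit defines. Separately, `build-and-push` grants `id-token: write` while both AWS steps use long-lived access-key secrets, and `sign-images` calls `cosign sign --yes` with no key and no such permission, so it is worth confirming where the signing identity comes from on this runner.

```yaml
- name: Notify Ingress Box
  env:
    # … unchanged: INGRESS_SSH_KEY, INGRESS_BOX_IP …
    INGRESS_KNOWN_HOSTS: ${{ secrets.INGRESS_KNOWN_HOSTS }}  # placeholder secret name
  run: |
    umask 077
    key_file="$(mktemp)"
    known_hosts="$(mktemp)"
    trap 'rm -f "$key_file" "$known_hosts"' EXIT
    printf '%s\n' "$INGRESS_SSH_KEY" > "$key_file"
    printf '%s\n' "$INGRESS_KNOWN_HOSTS" > "$known_hosts"
    ssh -i "$key_file" \
      -o StrictHostKeyChecking=yes \
      -o UserKnownHostsFile="$known_hosts" \
      "ubuntu@$INGRESS_BOX_IP" "sudo systemctl start velocity-ingress-poll.service"
```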