Skip to content
CD

パッケージ書き込みパーミッションの追加 #2

Sign in to view logs

パッケージ書き込みパーミッションの追加

パッケージ書き込みパーミッションの追加 #2

Workflow file for this run

.github/workflows/CD.yaml at fdeccb0
name: CD
on:
pull_request:
branches:
- main
types:
- closed
permissions:
contents: read
packages: write
jobs:
push-image:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/sohosai/ninjin
tags: latest
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy:
runs-on: ubuntu-latest
needs: push-image
steps:
- uses: actions/checkout@v4
- name: Deploy to Portainer
run: |
# List stacks
STACKS=$(curl -s -X GET "${{ secrets.PORTAINER_URL }}/api/stacks" -H "Content-Type: application/json" -gH "x-api-key:${{ secrets.PORTAINER_APIKEY }}")
# Get stack ID by name
STACK_ID=$(echo "${STACKS}" | jq -r --arg STACK_NAME "${STACK_NAME}" '.[] | select(.Name == $STACK_NAME) | .Id')
# NINJIN_VARIABLE to json
mapfile -t env_array <<< "${{ secrets.NINJIN_VARIABLE }}"
env_data=$(for item in "${env_array[@]}"; do if [ -n "$item" ]; then key=${item%%=*}; value=${item#*=}; echo "{\"name\": \"$key\", \"value\": \"$value\"},"; fi; done)
env_data="${env_data%,}"
# Create or update stack
if [ -n "${STACK_ID}" ]; then
UPDATE_DATA="{\"Prune\": ${PRUNE}, \"Env\": [$env_data], \"pullImage\": ${PULL_IMAGE}, \"stackFileContent\": \"$(cat ${COMPOSE_FILE} | tr -d '\r' | sed 's/"/\\"/g' | sed 's/$/\\n/' | tr -d '\n')\"}"
result=$(curl -sS -X PUT "${{ secrets.PORTAINER_URL }}/api/stacks/${STACK_ID}?endpointId=${ENDPOINT_ID}" -H "Content-Type: application/json" -gH "x-api-key:${{ secrets.PORTAINER_APIKEY }}" --data-binary "${UPDATE_DATA}")
result=$(echo "$result" | jq '.Env = ["***"]')
if [[ $result == *"failed to deploy a stack:"* ]]; then
exit 1
fi
else
CREATE_DATA="{\"name\": \"${STACK_NAME}\", \"Env\": [$env_data], \"stackFileContent\": \"$(cat ${COMPOSE_FILE} | tr -d '\r' | sed 's/"/\\"/g' | sed 's/$/\\n/' | tr -d '\n')\"}"
result=$(curl -sS -X POST "${{ secrets.PORTAINER_URL }}/api/stacks?type=${STACK_TYPE}&method=string&endpointId=${ENDPOINT_ID}" -H "Content-Type: application/json" -gH "x-api-key:${{ secrets.PORTAINER_APIKEY }}" --data-binary "${CREATE_DATA}")
result=$(echo "$result" | jq '.Env = ["***"]')
if [[ $result == *"failed to deploy a stack:"* ]]; then
exit 1
fi
fi
env:
STACK_NAME: "ninjin"
STACK_TYPE: 2
ENDPOINT_ID: 2
COMPOSE_FILE: "docker-compose-cd.yml"
PRUNE: "true"
PULL_IMAGE: "true"
VERIFY_SSL: "true"
notify:
runs-on: ubuntu-latest
needs: [push-image, deploy]
if: always() && !cancelled()
steps:
- name: Notify
uses: sarisia/actions-status-discord@v1
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
status: ${{ job.status }}
content: "push-image: ${{ needs.push-image.result }}\ndeploy: ${{ needs.deploy.result }}"
title: "${{ github.workflow }}"
description: "Build and deploy status of ninjin."
color: 0x0000ff
url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
username: GitHub Actions
avatar_url: https://r2.sohosai.com/logo.png