diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml index a47e803..ddac3c9 100644 --- a/.forgejo/workflows/deploy.yml +++ b/.forgejo/workflows/deploy.yml @@ -11,19 +11,26 @@ jobs: swarm_files: ${{ steps.changes.outputs.swarm_files }} compose_matrix: ${{ steps.changes.outputs.compose_matrix }} steps: - - name: Checkout repository (no node) + - name: Checkout repository (git clone, no node) shell: bash + env: + CLONE_URL: ${{ github.server_url }}/${{ github.repository }}.git + BRANCH: ${{ github.ref_name }} run: | set -euo pipefail - git config --global --add safe.directory "$PWD" - git fetch origin - git checkout -B "$GITHUB_REF_NAME" "origin/$GITHUB_REF_NAME" + rm -rf repo + git clone --branch "$BRANCH" --depth 50 "$CLONE_URL" repo + cd repo + # Ensure exact commit for this run + git fetch --depth 50 origin "${{ github.sha }}" + git checkout -q "${{ github.sha }}" - name: Detect changed YAML files id: changes shell: bash run: | set -euo pipefail + cd repo BASE="${{ github.event.before }}" HEAD="${{ github.sha }}" 
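Review bot: The clone and the follow-up fetch are both limited to `--depth 50`, but the Detect step right after diffs against `BASE="${{ github.event.before }}"`, and nothing in this hunk guarantees that commit exists in the shallow clone. After a force-push or a push of more than 50 commits, BASE is likely to be missing. The rest of the Detect step lies outside this hunk, so whether that aborts the job or silently yields an empty or wrong file list cannot be confirmed here. Consider fetching it explicitly after `cd repo`, e.g. `git cat-file -e "$BASE^{commit}" 2>/dev/null || git fetch --depth 1 origin "$BASE"`, guarded for the all-zero value sent on branch creation.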
@@ -62,25 +69,33 @@ jobs: JSON+=']}' echo "compose_matrix=$JSON" >> "$GITHUB_OUTPUT" + echo "compose_matrix=$JSON" deploy_swarm: needs: detect if: ${{ needs.detect.outputs.swarm_files != '' }} runs-on: docker2 steps: - - name: Checkout repository (no node) + - name: Checkout repository (git clone, no node) shell: bash + env: + CLONE_URL: ${{ github.server_url }}/${{ github.repository }}.git + BRANCH: ${{ github.ref_name }} run: | set -euo pipefail - git config --global --add safe.directory "$PWD" - git fetch origin - git checkout -B "$GITHUB_REF_NAME" "origin/$GITHUB_REF_NAME" + rm -rf repo + git clone --branch "$BRANCH" --depth 50 "$CLONE_URL" repo + cd repo + git fetch --depth 50 origin "${{ github.sha }}" + git checkout -q "${{ github.sha }}" - name: Validate swarm stacks shell: bash run: | set -euo pipefail + cd repo for f in ${{ needs.detect.outputs.swarm_files }}; do + echo "Validating swarm stack file: $f" docker stack config -c "$f" >/dev/null done @@ -88,8 +103,10 @@ jobs: shell: bash run: | set -euo pipefail + cd repo for f in ${{ needs.detect.outputs.swarm_files }}; do STACK="$(basename "$f" | sed 's/\.ya\?ml$//')" + echo "Deploying swarm stack: $STACK from $f" docker stack deploy -c "$f" "$STACK" done 
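Review bot: `for f in ${{ needs.detect.outputs.swarm_files }}; do` pastes the detected file list into the script text before bash parses it, so a path containing shell metacharacters (presumably taken from changed file names in the push) would be interpreted as shell on the runner that holds swarm access. That line is unchanged context, but this commit already uses the safer `env:` pattern for `CLONE_URL` and `BRANCH` and should extend it here: add `env:` with `SWARM_FILES: ${{ needs.detect.outputs.swarm_files }}` and loop with `for f in $SWARM_FILES; do`. The same applies to the Deploy loop in the next hunk and to the compose hunk, where the added `echo "Validating compose file: ${{ matrix.file }}"` and `echo "Deploying compose file: ${{ matrix.file }}"` lines introduce new interpolations of this kind. There, pass `matrix.file` through an env variable that is not named `COMPOSE_FILE`, since docker compose reads that name itself.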
@@ -101,23 +118,32 @@ jobs: matrix: ${{ fromJSON(needs.detect.outputs.compose_matrix) }} runs-on: ${{ matrix.host }} steps: - - name: Checkout repository (no node) + - name: Checkout repository (git clone, no node) shell: bash + env: + CLONE_URL: ${{ github.server_url }}/${{ github.repository }}.git + BRANCH: ${{ github.ref_name }} run: | set -euo pipefail - git config --global --add safe.directory "$PWD" - git fetch origin - git checkout -B "$GITHUB_REF_NAME" "origin/$GITHUB_REF_NAME" + rm -rf repo + git clone --branch "$BRANCH" --depth 50 "$CLONE_URL" repo + cd repo + git fetch --depth 50 origin "${{ github.sha }}" + git checkout -q "${{ github.sha }}" - name: Validate compose file shell: bash run: | set -euo pipefail + cd repo + echo "Validating compose file: ${{ matrix.file }}" docker compose -f "${{ matrix.file }}" config -q - name: Deploy compose file shell: bash run: | set -euo pipefail + cd repo + echo "Deploying compose file: ${{ matrix.file }}" docker compose -f "${{ matrix.file }}" pull docker compose -f "${{ matrix.file }}" up -d --remove-orphans
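Review bot: `rm -rf repo` followed by a fresh clone deletes and recreates the directory tree the compose project on this host runs from, whereas the old step updated the checkout in place. If any compose file uses relative bind mounts or `env_file` paths (not visible here), running containers keep referring to the deleted directories until they are recreated, and a clone that fails after the `rm` leaves the host with no files. Reusing an existing clone avoids both: replace the two lines with `[ -d repo/.git ] || git clone --branch "$BRANCH" --depth 50 "$CLONE_URL" repo` and let the existing fetch and checkout of the commit do the update. Moving the checkout from `$PWD` to `$PWD/repo` also changes the absolute source path of any relative mount, so the first deploy after this change may recreate containers.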