eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/.forgejo/workflows/build-blumeops.yaml
Erich Blume 1f73eb675d Auto-deploy docs from build workflow (#93) 
## Summary
- Add `uv` and `argocd` CLI to forgejo-runner container image
- Add `workflow-bot` ArgoCD account with sync permissions (declarative via kustomize patches)
- Add `ARGOCD_AUTH_TOKEN` to forgejo-runner external secret for workflow auth
- Update build workflow to auto-deploy docs after release:
  - Update configmap with new release URL
  - Commit changelog and configmap changes
  - Sync docs app via ArgoCD

## Deployment and Testing
Manual steps required before this can work:
1. [ ] Build and push new forgejo-runner image (v2.4.0)
2. [ ] Sync argocd app to create workflow-bot account
3. [ ] Generate token: `argocd account generate-token --account workflow-bot`
4. [ ] Store token in 1Password under "Forgejo Secrets" with field `argocd_token`
5. [ ] Sync forgejo-runner app to pick up new external secret
6. [ ] Update forgejo-runner deployment to use new image version
7. [ ] Test by running workflow manually

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/93
2026-02-03 16:58:03 -08:00

259 lines
8.9 KiB
YAML
Raw Blame History

# BlumeOps Release Workflow
#
# Creates a versioned release of BlumeOps with all build artifacts.
# Currently includes:
# - Documentation site (Quartz static build)
# - Changelog (built from towncrier fragments)
#
# Usage:
# 1. Go to Actions > Build BlumeOps > Run workflow
# 2. Enter a version tag (e.g., v1.2.0) or leave empty to auto-increment patch
# 3. The workflow creates a release with attached artifacts
#
# Documentation asset URL:
# https://forge.ops.eblu.me/eblume/blumeops/releases/download/<tag>/docs-<version>.tar.gz
name: Build BlumeOps
on:
workflow_dispatch:
inputs:
version:
description: 'Version (e.g., v1.2.0) or empty to auto-increment patch (v_._.+1)'
required: false
default: ''
type: string
jobs:
build:
runs-on: k8s
steps:
- name: Resolve version
id: version
run: |
INPUT_VERSION="${{ inputs.version }}"
if [ -n "$INPUT_VERSION" ]; then
# User provided a version - validate it
if [[ ! "$INPUT_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Version must be in format vX.Y.Z (e.g., v1.0.0)"
exit 1
fi
VERSION="$INPUT_VERSION"
echo "Using provided version: $VERSION"
else
# Auto-increment patch version from latest release
echo "Fetching latest release..."
LATEST=$(curl -s "https://forge.ops.eblu.me/api/v1/repos/eblume/blumeops/releases/latest" | jq -r '.tag_name // empty' || true)
if [ -z "$LATEST" ]; then
VERSION="v1.0.0"
echo "No previous releases found, starting at: $VERSION"
else
# Parse vX.Y.Z and increment patch
VERSION=$(echo "$LATEST" | awk -F. '{print $1"."$2"."$3+1}')
echo "Auto-incremented from $LATEST to: $VERSION"
fi
fi
# Check if this version already exists
if curl -sf "https://forge.ops.eblu.me/api/v1/repos/eblume/blumeops/releases/tags/$VERSION" > /dev/null 2>&1; then
echo "Error: Release $VERSION already exists"
echo "See: https://forge.ops.eblu.me/eblume/blumeops/releases/tag/$VERSION"
exit 1
fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "Building BlumeOps release: $VERSION"
- name: Checkout
uses: actions/checkout@v4
with:
# Need full history for git operations
fetch-depth: 0
- name: Build changelog
run: |
VERSION="${{ steps.version.outputs.version }}"
# Check if there are any changelog fragments
FRAGMENTS=$(find docs/changelog.d -name "*.md" -not -name ".gitkeep" 2>/dev/null | wc -l)
if [ "$FRAGMENTS" -gt 0 ]; then
echo "Found $FRAGMENTS changelog fragments, building changelog..."
uvx towncrier build --version "$VERSION" --yes
echo "changelog_updated=true" >> "$GITHUB_OUTPUT"
else
echo "No changelog fragments found, skipping towncrier"
echo "changelog_updated=false" >> "$GITHUB_OUTPUT"
fi
id: changelog
- name: Build docs
run: |
VERSION="${{ steps.version.outputs.version }}"
echo "Node version: $(node --version)"
echo "NPM version: $(npm --version)"
# Clone Quartz
git clone --depth 1 https://github.com/jackyzha0/quartz.git /tmp/quartz
cd /tmp/quartz
# Install dependencies
npm ci
# Copy our configuration (lives in docs/ to keep repo root clean)
cp "$GITHUB_WORKSPACE/docs/quartz.config.ts" .
cp "$GITHUB_WORKSPACE/docs/quartz.layout.ts" .
# Copy docs as content (includes index.md)
rm -rf content
cp -r "$GITHUB_WORKSPACE/docs" content
# Build
echo "Building static site..."
npx quartz build
# Create tarball
TARBALL="docs-${VERSION}.tar.gz"
echo "Creating tarball: $TARBALL"
tar -czf "$GITHUB_WORKSPACE/$TARBALL" -C public .
echo "Build complete!"
ls -lh "$GITHUB_WORKSPACE/$TARBALL"
- name: Create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION="${{ steps.version.outputs.version }}"
TARBALL="docs-${VERSION}.tar.gz"
echo "Creating release $VERSION..."
# Use Forgejo API to create release (requires authentication)
RELEASE_DATA=$(cat <<EOF
{
"tag_name": "$VERSION",
"name": "BlumeOps $VERSION",
"body": "BlumeOps release $VERSION\n\n## Documentation\n\nDownload \`$TARBALL\` and configure the quartz container with:\n\n\`\`\`\nDOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/$VERSION/$TARBALL\n\`\`\`",
"draft": false,
"prerelease": false
}
EOF
)
RELEASE_RESPONSE=$(curl -s \
-X POST \
-H "Content-Type: application/json" \
-H "Authorization: token $GITHUB_TOKEN" \
-d "$RELEASE_DATA" \
"https://forge.ops.eblu.me/api/v1/repos/eblume/blumeops/releases")
echo "API Response: $RELEASE_RESPONSE"
RELEASE_ID=$(echo "$RELEASE_RESPONSE" | jq -r '.id')
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "Error: Failed to create release"
exit 1
fi
echo "Created release ID: $RELEASE_ID"
# Upload the asset
echo "Uploading $TARBALL..."
UPLOAD_RESPONSE=$(curl -s \
-X POST \
-H "Content-Type: application/gzip" \
-H "Authorization: token $GITHUB_TOKEN" \
--data-binary "@$TARBALL" \
"https://forge.ops.eblu.me/api/v1/repos/eblume/blumeops/releases/$RELEASE_ID/assets?name=$TARBALL")
echo "Upload Response: $UPLOAD_RESPONSE"
echo ""
echo "Release created successfully!"
- name: Update docs configmap
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION="${{ steps.version.outputs.version }}"
TARBALL="docs-${VERSION}.tar.gz"
CONFIGMAP_FILE="argocd/manifests/docs/configmap.yaml"
RELEASE_URL="https://forge.ops.eblu.me/eblume/blumeops/releases/download/${VERSION}/${TARBALL}"
echo "Updating $CONFIGMAP_FILE with new release URL..."
sed -i "s|DOCS_RELEASE_URL:.*|DOCS_RELEASE_URL: \"${RELEASE_URL}\"|" "$CONFIGMAP_FILE"
echo "Updated configmap:"
cat "$CONFIGMAP_FILE"
- name: Commit release changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION="${{ steps.version.outputs.version }}"
CHANGELOG_UPDATED="${{ steps.changelog.outputs.changelog_updated }}"
# Configure git
git config user.name "Forgejo Actions"
git config user.email "actions@forge.ops.eblu.me"
# Stage configmap changes
git add argocd/manifests/docs/configmap.yaml
# Stage changelog changes if updated
if [ "$CHANGELOG_UPDATED" = "true" ]; then
git add docs/CHANGELOG.md docs/changelog.d/
fi
# Check if there are changes to commit
if git diff --cached --quiet; then
echo "No changes to commit"
else
git commit -m "Update docs release to $VERSION
- Updated configmap with new DOCS_RELEASE_URL
$([ "$CHANGELOG_UPDATED" = "true" ] && echo "- Built changelog from towncrier fragments")
[skip ci]"
# Push to main
git push origin HEAD:main
echo "Changes committed and pushed"
fi
- name: Deploy docs
env:
ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
run: |
echo "Syncing docs app via ArgoCD..."
# Sync docs app (uses ARGOCD_AUTH_TOKEN env var for auth)
argocd app sync docs \
--server argocd.ops.eblu.me \
--grpc-web \
--prune
# Wait for sync to complete
argocd app wait docs \
--server argocd.ops.eblu.me \
--grpc-web \
--timeout 120
echo "Docs app synced successfully!"
- name: Summary
run: |
VERSION="${{ steps.version.outputs.version }}"
TARBALL="docs-${VERSION}.tar.gz"
echo "================================================"
echo "BlumeOps Release: $VERSION"
echo "================================================"
echo ""
echo "Release URL:"
echo " https://forge.ops.eblu.me/eblume/blumeops/releases/tag/$VERSION"
echo ""
echo "Asset URL (for DOCS_RELEASE_URL ConfigMap):"
echo " https://forge.ops.eblu.me/eblume/blumeops/releases/download/$VERSION/$TARBALL"
Reference in a new issue View git blame Copy permalink