cameleer-server/.gitea/workflows/ci.yml

name: CI

on:
  push:
    branches: [main]
    tags-ignore:
      - 'v*'
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: maven:3.9-eclipse-temurin-17
    steps:
      - name: Install Node.js 22
        run: |
          apt-get update && apt-get install -y ca-certificates curl gnupg
          mkdir -p /etc/apt/keyrings
          curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
          echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" > /etc/apt/sources.list.d/nodesource.list
          apt-get update && apt-get install -y nodejs

      - uses: actions/checkout@v4

      - name: Configure Gitea Maven Registry
        run: |
          mkdir -p ~/.m2
          cat > ~/.m2/settings.xml << 'SETTINGS'
          <settings>
            <servers>
              <server>
                <id>gitea</id>
                <username>cameleer</username>
                <password>${env.REGISTRY_TOKEN}</password>
              </server>
            </servers>
          </settings>
          SETTINGS
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}

      - name: Cache Maven dependencies
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-

      - name: Build UI
        working-directory: ui
        run: |
          npm ci
          npm run build

      - name: Build and Test
        run: mvn clean verify -DskipITs --batch-mode

  docker:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    container:
      image: docker:27
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
      - name: Login to registry
        run: echo "$REGISTRY_TOKEN" | docker login gitea.siegeln.net -u cameleer --password-stdin
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
      - name: Set up QEMU for cross-platform builds
        run: docker run --rm --privileged tonistiigi/binfmt --install all
      - name: Build and push server
        run: |
          docker buildx create --use --name cibuilder
          docker buildx build --platform linux/amd64 \
            --build-arg REGISTRY_TOKEN="$REGISTRY_TOKEN" \
            -t gitea.siegeln.net/cameleer/cameleer3-server:${{ github.sha }} \
            -t gitea.siegeln.net/cameleer/cameleer3-server:latest \
            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server:buildcache \
            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server:buildcache,mode=max \
            --provenance=false \
            --push .
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
      - name: Build and push UI
        run: |
          docker buildx build --platform linux/amd64 \
            -f ui/Dockerfile \
            -t gitea.siegeln.net/cameleer/cameleer3-server-ui:${{ github.sha }} \
            -t gitea.siegeln.net/cameleer/cameleer3-server-ui:latest \
            --cache-from type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server-ui:buildcache \
            --cache-to type=registry,ref=gitea.siegeln.net/cameleer/cameleer3-server-ui:buildcache,mode=max \
            --provenance=false \
            --push ui/
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
      - name: Cleanup local Docker
        run: docker system prune -af --filter "until=24h"
        if: always()
      - name: Cleanup old container images
        run: |
          apk add --no-cache curl jq
          API="https://gitea.siegeln.net/api/v1"
          AUTH="Authorization: token ${REGISTRY_TOKEN}"
          CURRENT_SHA="${{ github.sha }}"
          for PKG in cameleer3-server cameleer3-server-ui; do
            curl -sf -H "$AUTH" "$API/packages/cameleer/container/$PKG" | \
              jq -r '.[] | "\(.id) \(.version)"' | \
              while read id version; do
                if [ "$version" != "latest" ] && [ "$version" != "$CURRENT_SHA" ]; then
                  echo "Deleting old image tag: $PKG:$version"
                  curl -sf -X DELETE -H "$AUTH" "$API/packages/cameleer/container/$PKG/$version"
                fi
              done
          done
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        if: always()

  deploy:
    needs: docker
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    container:
      image: bitnami/kubectl:latest
    steps:
      - name: Checkout
        run: |
          git clone --depth=1 --branch=${GITHUB_REF_NAME} https://cameleer:${REGISTRY_TOKEN}@gitea.siegeln.net/${GITHUB_REPOSITORY}.git .
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
      - name: Configure kubectl
        run: |
          mkdir -p ~/.kube
          echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
        env:
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG_BASE64 }}
      - name: Deploy
        run: |
          kubectl create namespace cameleer --dry-run=client -o yaml | kubectl apply -f -

          kubectl create secret docker-registry gitea-registry \
            --namespace=cameleer \
            --docker-server=gitea.siegeln.net \
            --docker-username=cameleer \
            --docker-password="$REGISTRY_TOKEN" \
            --dry-run=client -o yaml | kubectl apply -f -

          kubectl create secret generic cameleer-auth \
            --namespace=cameleer \
            --from-literal=CAMELEER_AUTH_TOKEN="$CAMELEER_AUTH_TOKEN" \
            --from-literal=CAMELEER_UI_USER="${CAMELEER_UI_USER:-admin}" \
            --from-literal=CAMELEER_UI_PASSWORD="${CAMELEER_UI_PASSWORD:-admin}" \
            --dry-run=client -o yaml | kubectl apply -f -

          kubectl create secret generic clickhouse-credentials \
            --namespace=cameleer \
            --from-literal=CLICKHOUSE_USER="$CLICKHOUSE_USER" \
            --from-literal=CLICKHOUSE_PASSWORD="$CLICKHOUSE_PASSWORD" \
            --dry-run=client -o yaml | kubectl apply -f -

          kubectl apply -f deploy/clickhouse.yaml
          kubectl -n cameleer rollout status statefulset/clickhouse --timeout=120s

          kubectl apply -f deploy/server.yaml
          kubectl -n cameleer set image deployment/cameleer3-server \
            server=gitea.siegeln.net/cameleer/cameleer3-server:${{ github.sha }}
          kubectl -n cameleer rollout status deployment/cameleer3-server --timeout=120s

          kubectl apply -f deploy/ui.yaml
          kubectl -n cameleer set image deployment/cameleer3-ui \
            ui=gitea.siegeln.net/cameleer/cameleer3-server-ui:${{ github.sha }}
          kubectl -n cameleer rollout status deployment/cameleer3-ui --timeout=120s
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
          CAMELEER_AUTH_TOKEN: ${{ secrets.CAMELEER_AUTH_TOKEN }}
          CAMELEER_UI_USER: ${{ secrets.CAMELEER_UI_USER }}
          CAMELEER_UI_PASSWORD: ${{ secrets.CAMELEER_UI_PASSWORD }}
          CLICKHOUSE_USER: ${{ secrets.CLICKHOUSE_USER }}
          CLICKHOUSE_PASSWORD: ${{ secrets.CLICKHOUSE_PASSWORD }}