154 lines
5.9 KiB
YAML
154 lines
5.9 KiB
YAML
name: Update Website
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 * * * *' # every hour on the hour
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'website/**'
|
|
- 'scripts/website-verify.sh'
|
|
- '.forgejo/workflows/website.yml'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
check-changes:
|
|
name: Detect Website Changes
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 5
|
|
outputs:
|
|
has_changes: ${{ steps.diff.outputs.has_changes }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Detect website changes since last deploy
|
|
id: diff
|
|
shell: bash
|
|
env:
|
|
FORGEJO_TOKEN: ${{ github.token }}
|
|
run: |
|
|
# On push or workflow_dispatch always deploy
|
|
if [ "$GITHUB_EVENT_NAME" != "schedule" ]; then
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
HEAD_SHA=$(git rev-parse HEAD)
|
|
|
|
# Find the most recent successful "Build & Update Website" task. Forgejo's API
|
|
# does not expose per-run jobs (/runs/{id}/jobs returns 404), so query /actions/tasks
|
|
# (per-job records) directly and filter for the task we care about. Filtering at the
|
|
# task level also distinguishes runs where the deploy job actually ran from runs
|
|
# where it was skipped — at the run level both show status=success.
|
|
LAST_DEPLOYED_SHA=$(python3 - << 'PYEOF'
|
|
import json, os, sys, urllib.request
|
|
token = os.environ.get("FORGEJO_TOKEN", "")
|
|
server = os.environ.get("GITHUB_SERVER_URL", "").rstrip("/")
|
|
repo = os.environ.get("GITHUB_REPOSITORY", "")
|
|
url = f"{server}/api/v1/repos/{repo}/actions/tasks?status=success&limit=100"
|
|
req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
|
|
try:
|
|
with urllib.request.urlopen(req, timeout=60) as r:
|
|
data = json.loads(r.read())
|
|
for t in data.get("workflow_runs", []):
|
|
if (t.get("workflow_id") == "website.yml"
|
|
and t.get("name") == "Build & Update Website"
|
|
and t.get("status") == "success"):
|
|
print(t.get("head_sha") or "")
|
|
sys.exit(0)
|
|
print("")
|
|
except Exception as e:
|
|
print(f"::error::LAST_DEPLOYED_SHA lookup failed ({type(e).__name__}: {e})")
|
|
print("")
|
|
PYEOF
|
|
)
|
|
|
|
if [ -z "$LAST_DEPLOYED_SHA" ]; then
|
|
echo "::warning::Could not determine last successfully deployed SHA — deploying as a precaution"
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
if [ "$HEAD_SHA" = "$LAST_DEPLOYED_SHA" ]; then
|
|
echo "::notice::Website deploy SKIPPED — HEAD $HEAD_SHA was already successfully deployed"
|
|
echo "has_changes=false" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
# Diff from last successfully deployed commit to catch all changes since
|
|
# that deploy, not just the most recent commit.
|
|
if git cat-file -e "$LAST_DEPLOYED_SHA" 2>/dev/null; then
|
|
echo "Diffing from last deployed SHA $LAST_DEPLOYED_SHA"
|
|
CHANGED=$(git diff --name-only "$LAST_DEPLOYED_SHA" HEAD 2>/dev/null \
|
|
|| git show --name-only --format= HEAD)
|
|
else
|
|
echo "::warning::Last deployed SHA $LAST_DEPLOYED_SHA not in local history — deploying as a precaution"
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
echo "Changed files:"
|
|
echo "$CHANGED"
|
|
|
|
website_re='^(website/|scripts/website-verify\.sh|\.forgejo/workflows/website\.yml)'
|
|
|
|
if echo "$CHANGED" | grep -qE "$website_re"; then
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
echo "::notice::Website deploy TRIGGERED — website-relevant files changed since $LAST_DEPLOYED_SHA"
|
|
else
|
|
echo "has_changes=false" >> "$GITHUB_OUTPUT"
|
|
echo "::notice::Website deploy SKIPPED — diff $LAST_DEPLOYED_SHA..HEAD has no website-relevant changes"
|
|
fi
|
|
|
|
deploy:
|
|
name: Build & Update Website
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
needs: [check-changes]
|
|
if: needs.check-changes.outputs.has_changes == 'true'
|
|
|
|
steps:
|
|
- name: Print runner wait time
|
|
env:
|
|
FORGEJO_TOKEN: ${{ github.token }}
|
|
RUN_NUMBER: ${{ github.run_number }}
|
|
run: |
|
|
runner_start=$(date +%s)
|
|
created=$(curl -sf --max-time 30 \
|
|
-H "Authorization: token $FORGEJO_TOKEN" \
|
|
"${{ github.server_url }}/api/v1/repos/${{ github.repository }}/actions/runs?run_number=$RUN_NUMBER" \
|
|
| python3 -c "import sys,json;rs=json.load(sys.stdin).get('workflow_runs',[]);print(rs[0]['created'] if rs else '')" 2>/dev/null) || true
|
|
if [ -n "$created" ]; then
|
|
queued_epoch=$(date -d "$created" +%s)
|
|
wait_seconds=$((runner_start - queued_epoch))
|
|
echo "Runner wait time: ${wait_seconds}s (queued at $created)"
|
|
else
|
|
echo "Runner wait time: unknown (API lookup failed)"
|
|
fi
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Check runner tools
|
|
run: |
|
|
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
|
|
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
|
|
|
|
- name: Setup Dagger Remote Engine
|
|
env:
|
|
SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
|
|
run: scripts/setup_dagger_remote.sh
|
|
|
|
- name: Build & Update Website
|
|
env:
|
|
DAGGER_NO_NAG: "1"
|
|
run: task publish-website
|
|
|
|
- name: Verify Website
|
|
env:
|
|
SSH_HOST: ${{ env.WEBSITE_SSH_HOST }}
|
|
run: scripts/website-verify.sh
|