167 lines
6.5 KiB
YAML
167 lines
6.5 KiB
YAML
name: Update Website
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 * * * *' # every hour on the hour
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'website/**'
|
|
- 'scripts/website-verify.sh'
|
|
- '.forgejo/workflows/website.yml'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
check-changes:
|
|
name: Detect Website Changes
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 5
|
|
outputs:
|
|
has_changes: ${{ steps.diff.outputs.has_changes }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Detect website changes since last deploy
|
|
id: diff
|
|
shell: bash
|
|
env:
|
|
FORGEJO_TOKEN: ${{ github.token }}
|
|
run: |
|
|
# On push or workflow_dispatch always deploy
|
|
if [ "$GITHUB_EVENT_NAME" != "schedule" ]; then
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
HEAD_SHA=$(git rev-parse HEAD)
|
|
|
|
# Find the most recent successful website.yml run where the deploy job
|
|
# actually ran (not merely skipped). Uses head_sha (not commit_sha which
|
|
# is always None in Forgejo's API).
|
|
LAST_DEPLOYED_SHA=$(python3 - << 'PYEOF'
|
|
import json, os, sys, urllib.request
|
|
token = os.environ.get("FORGEJO_TOKEN", "")
|
|
server = os.environ.get("GITHUB_SERVER_URL", "").rstrip("/")
|
|
repo = os.environ.get("GITHUB_REPOSITORY", "")
|
|
base_api = f"{server}/api/v1/repos/{repo}/actions"
|
|
url = f"{base_api}/runs?workflow_id=website.yml&status=success&limit=10"
|
|
req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
|
|
try:
|
|
with urllib.request.urlopen(req) as r:
|
|
data = json.loads(r.read())
|
|
runs = [
|
|
r for r in data.get("workflow_runs", [])
|
|
if r.get("status") == "success"
|
|
]
|
|
for run in runs:
|
|
run_id = run.get("id")
|
|
jobs_url = f"{base_api}/runs/{run_id}/jobs"
|
|
jobs_req = urllib.request.Request(jobs_url, headers={"Authorization": f"token {token}"})
|
|
try:
|
|
with urllib.request.urlopen(jobs_req) as jr:
|
|
jobs_data = json.loads(jr.read())
|
|
for job in jobs_data.get("workflow_jobs", []):
|
|
if "Build & Update Website" in job.get("name", "") and (
|
|
job.get("conclusion") == "success" or
|
|
job.get("status") == "success"
|
|
):
|
|
print(run.get("head_sha") or "")
|
|
sys.exit(0)
|
|
except Exception:
|
|
pass # skip this run if jobs API fails
|
|
print("")
|
|
except Exception as e:
|
|
print(f"::error::LAST_DEPLOYED_SHA lookup failed ({type(e).__name__}: {e})")
|
|
print("")
|
|
PYEOF
|
|
)
|
|
|
|
if [ -z "$LAST_DEPLOYED_SHA" ]; then
|
|
echo "::warning::Could not determine last successfully deployed SHA — deploying as a precaution"
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
if [ "$HEAD_SHA" = "$LAST_DEPLOYED_SHA" ]; then
|
|
echo "::notice::Website deploy SKIPPED — HEAD $HEAD_SHA was already successfully deployed"
|
|
echo "has_changes=false" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
# Diff from last successfully deployed commit to catch all changes since
|
|
# that deploy, not just the most recent commit.
|
|
if git cat-file -e "$LAST_DEPLOYED_SHA" 2>/dev/null; then
|
|
echo "Diffing from last deployed SHA $LAST_DEPLOYED_SHA"
|
|
CHANGED=$(git diff --name-only "$LAST_DEPLOYED_SHA" HEAD 2>/dev/null \
|
|
|| git show --name-only --format= HEAD)
|
|
else
|
|
echo "::warning::Last deployed SHA $LAST_DEPLOYED_SHA not in local history — deploying as a precaution"
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
echo "Changed files:"
|
|
echo "$CHANGED"
|
|
|
|
website_re='^(website/|scripts/website-verify\.sh|\.forgejo/workflows/website\.yml)'
|
|
|
|
if echo "$CHANGED" | grep -qE "$website_re"; then
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
echo "::notice::Website deploy TRIGGERED — website-relevant files changed since $LAST_DEPLOYED_SHA"
|
|
else
|
|
echo "has_changes=false" >> "$GITHUB_OUTPUT"
|
|
echo "::notice::Website deploy SKIPPED — diff $LAST_DEPLOYED_SHA..HEAD has no website-relevant changes"
|
|
fi
|
|
|
|
deploy:
|
|
name: Build & Update Website
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
needs: [check-changes]
|
|
if: needs.check-changes.outputs.has_changes == 'true'
|
|
|
|
steps:
|
|
- name: Print runner wait time
|
|
env:
|
|
FORGEJO_TOKEN: ${{ github.token }}
|
|
RUN_NUMBER: ${{ github.run_number }}
|
|
run: |
|
|
runner_start=$(date +%s)
|
|
created_at=$(curl -sf \
|
|
-H "Authorization: token $FORGEJO_TOKEN" \
|
|
"${{ github.server_url }}/api/v1/repos/${{ github.repository }}/actions/tasks?limit=100" \
|
|
| python3 -c "import sys,json;data=json.load(sys.stdin);rs=[r for r in data.get('workflow_runs',[]) if r.get('run_number')==$RUN_NUMBER];print(rs[0]['created_at'] if rs else '')" 2>/dev/null)
|
|
if [ -n "$created_at" ]; then
|
|
queued_epoch=$(date -d "$created_at" +%s)
|
|
wait_seconds=$((runner_start - queued_epoch))
|
|
echo "Runner wait time: ${wait_seconds}s (queued at $created_at)"
|
|
else
|
|
echo "Runner wait time: unknown (API lookup failed)"
|
|
fi
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Check runner tools
|
|
run: |
|
|
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
|
|
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
|
|
|
|
- name: Setup Dagger Remote Engine
|
|
env:
|
|
SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
|
|
run: scripts/setup_dagger_remote.sh
|
|
|
|
- name: Build & Update Website
|
|
env:
|
|
DAGGER_NO_NAG: "1"
|
|
run: task publish-website
|
|
|
|
- name: Verify Website
|
|
env:
|
|
SSH_HOST: ${{ env.WEBSITE_SSH_HOST }}
|
|
run: scripts/website-verify.sh
|