ZDDC
c099676024
Runner now runs in a quadlet container on caddy-net, so 127.0.0.1
is the runner's own loopback. Reach the Caddy container by name
('caddy') with --connect-to keeping SNI/Host as the public hostname
so the right vhost matches.
Also adds the tag trigger: push of zddc-server-v[0-9]+.[0-9]+.[0-9]+
auto-cuts a stable release. The lockstep set pushes six tags at once;
filtering on zddc-server-v* gives exactly one workflow run per cut.
Re-cutting at the tagged commit is safe — _promote_stable in
shared/build-lib.sh is idempotent re: tag creation.
89 lines
3.2 KiB
YAML
89 lines
3.2 KiB
YAML
name: Build + deploy releases
|
|
|
|
# Cuts a channel/release bundle (./build alpha|beta|release [version])
|
|
# and rsyncs it to /srv/zddc/releases/ via ./deploy --releases. Runs on
|
|
# this host directly (label: host) — same shell environment the operator
|
|
# uses for manual cuts, so behavior is identical between the two paths.
|
|
#
|
|
# Triggers:
|
|
# - workflow_dispatch — pick channel + optional version from the UI.
|
|
# - push to a tag matching zddc-server-v[0-9]+.[0-9]+.[0-9]+ —
|
|
# the canonical "stable cut" tag in our six-tag lockstep set
|
|
# (one per tool: archive-vX.Y.Z, transmittal-vX.Y.Z, ..., zddc-server-vX.Y.Z).
|
|
# Filtering on zddc-server-v* ensures exactly one workflow run per cut
|
|
# even though six tags push together. Runner re-cuts from the tagged
|
|
# commit for reproducibility — _promote_stable in shared/build-lib.sh
|
|
# is idempotent re: tag creation, so rerunning at the same HEAD is a
|
|
# no-op for the tags.
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
channel:
|
|
description: 'Channel to cut'
|
|
required: true
|
|
type: choice
|
|
default: alpha
|
|
options:
|
|
- alpha
|
|
- beta
|
|
- release
|
|
version:
|
|
description: 'Stable version (e.g. 0.1.0). Leave blank for coordinated next-stable. Ignored for alpha/beta.'
|
|
required: false
|
|
default: ''
|
|
push:
|
|
tags:
|
|
- 'zddc-server-v[0-9]+.[0-9]+.[0-9]+'
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: host
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# ./build's _coordinated_next_stable reads tags across all six
|
|
# tools; full history + tags are required.
|
|
fetch-depth: 0
|
|
|
|
- name: Resolve channel + version
|
|
id: meta
|
|
run: |
|
|
set -eu
|
|
if [ "$GITHUB_EVENT_NAME" = "push" ]; then
|
|
# Tag push: refs/tags/zddc-server-vX.Y.Z → channel=release, version=X.Y.Z
|
|
VERSION="${GITHUB_REF#refs/tags/zddc-server-v}"
|
|
echo "channel=release" >> "$GITHUB_OUTPUT"
|
|
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "channel=${{ inputs.channel }}" >> "$GITHUB_OUTPUT"
|
|
echo "version=${{ inputs.version }}" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Build
|
|
run: |
|
|
set -eu
|
|
CH="${{ steps.meta.outputs.channel }}"
|
|
VER="${{ steps.meta.outputs.version }}"
|
|
if [ "$CH" = "release" ] && [ -n "$VER" ]; then
|
|
./build release "$VER"
|
|
else
|
|
./build "$CH"
|
|
fi
|
|
|
|
- name: Deploy releases
|
|
run: ./deploy --releases
|
|
|
|
- name: Verify channel mirror resolves
|
|
run: |
|
|
set -eu
|
|
CH="${{ steps.meta.outputs.channel }}"
|
|
MIRROR=$([ "$CH" = "release" ] && echo stable || echo "$CH")
|
|
# Runner is in a container on caddy-net; reach Caddy by container
|
|
# name (`caddy`). --connect-to keeps the SNI / Host as the real
|
|
# public hostname so the right vhost matches; -k skips cert
|
|
# verify (Caddy uses a self-signed `tls internal` cert).
|
|
curl -ksI --connect-to "zddc.varasys.io:8443:caddy:8443" \
|
|
"https://zddc.varasys.io:8443/releases/archive_${MIRROR}.html" \
|
|
| head -3
|