demo-platform/test-micro-alex-stable-1
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit
All checks were successful
Build and Push to ACR / Build and Push (push) Successful in 45s
Details

Browse Source 
Change-Id: Iccb9a69a29ce96d618762c5c852c8ec43d9b78df
This commit is contained in:
Scaffolder
2026-03-19 16:22:58 +00:00
commit a322740284
14 changed files with 721 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
.gitea/workflows/build-push.yml Normal file
View File

@@ -0,0 +1,81 @@
name: Build and Push to ACR
on:
push:
branches: [ "main" ]
workflow_dispatch: {}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
jobs:
build:
name: Build and Push
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Azure CLI
run: |
command -v az &>/dev/null || curl -sL https://aka.ms/InstallAzureCLIDeb | bash
- name: Install Docker CLI
run: |
command -v docker &>/dev/null || (apt-get update -qq && apt-get install -y docker.io)
docker --version
- name: Azure login (OIDC)
run: |
az login \
--service-principal \
--username "$AZURE_CLIENT_ID" \
--tenant "$AZURE_TENANT_ID" \
--federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
echo "✓ Azure login successful"
- name: Get ACR details
id: acr
run: |
ACR_NAME=$(az acr list --query "[0].name" -o tsv)
ACR_NAME="${ACR_NAME:-bstagecjotdevacr}"
echo "ACR_NAME=$ACR_NAME" >> $GITHUB_ENV
echo "ACR_LOGIN_SERVER=${ACR_NAME}.azurecr.io" >> $GITHUB_ENV
echo "✓ Using ACR: ${ACR_NAME}.azurecr.io"
- name: ACR Login
run: |
ACR_TOKEN=$(az acr login --name "$ACR_NAME" --expose-token --output tsv --query accessToken)
docker login "$ACR_LOGIN_SERVER" \
--username 00000000-0000-0000-0000-000000000000 \
--password "$ACR_TOKEN"
echo "✓ ACR login successful"
- name: Build and Push Docker image
run: |
IMAGE_TAG="${{ gitea.sha }}"
IMAGE_FULL="${ACR_LOGIN_SERVER}/test-micro-alex-stable-1:${IMAGE_TAG}"
IMAGE_LATEST="${ACR_LOGIN_SERVER}/test-micro-alex-stable-1:latest"
docker build -t "$IMAGE_FULL" -t "$IMAGE_LATEST" .
docker push "$IMAGE_FULL"
docker push "$IMAGE_LATEST"
echo "IMAGE_FULL=$IMAGE_FULL" >> $GITHUB_ENV
echo "✓ Pushed: $IMAGE_FULL"
- name: Build Summary
run: |
echo "### ✅ Build Successful" >> $GITHUB_STEP_SUMMARY
echo "| | |" >> $GITHUB_STEP_SUMMARY
echo "|---|---|" >> $GITHUB_STEP_SUMMARY
echo "| **Service** | test-micro-alex-stable-1 |" >> $GITHUB_STEP_SUMMARY
echo "| **Runtime** | Node.js Express |" >> $GITHUB_STEP_SUMMARY
echo "| **Commit** | ${{ gitea.sha }} |" >> $GITHUB_STEP_SUMMARY
echo "| **Image** | $IMAGE_FULL |" >> $GITHUB_STEP_SUMMARY

188
.gitea/workflows/deploy-humanitec.yml Normal file
View File

@@ -0,0 +1,188 @@
name: Deploy to Humanitec
on:
workflow_run:
workflows: ["Build and Push to ACR"]
types:
- completed
branches: [ "main" ]
workflow_dispatch:
inputs:
environment:
description: 'Target environment'
required: true
default: 'dev'
type: choice
options:
- dev
- staging
- prod
env:
APP_ID: test-micro-alex-stable-1
PROJECT_ID: test-micro-alex-stable-1
AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
DEFAULT_ENV_ID: dev
jobs:
deploy:
name: Deploy to Humanitec
runs-on: ubuntu-latest
if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
permissions:
contents: read
id-token: write
outputs:
sha: ${{ steps.get-sha.outputs.sha }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get short SHA
id: get-sha
run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
- name: Install CLI tools
run: |
# jq (needed for github API call)
command -v jq &>/dev/null || (apt-get update -qq && apt-get install -y -qq jq)
# hctl (Humanitec Platform Orchestrator v2 CLI)
HCTL_VERSION=$(curl -s https://api.github.com/repos/humanitec/hctl/releases/latest | jq -r '.tag_name')
curl -fLO "https://github.com/humanitec/hctl/releases/download/${HCTL_VERSION}/hctl_${HCTL_VERSION#v}_linux_amd64.tar.gz"
tar -xzf "hctl_${HCTL_VERSION#v}_linux_amd64.tar.gz"
install -m 755 hctl /usr/local/bin/hctl
hctl --version
echo "✓ Tools installed"
- name: Install Azure CLI
run: command -v az &>/dev/null || curl -sL https://aka.ms/InstallAzureCLIDeb | bash
- name: Azure login (OIDC)
run: |
az login \
--service-principal \
--username "$AZURE_CLIENT_ID" \
--tenant "$AZURE_TENANT_ID" \
--federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
echo "✓ Azure login successful"
- name: Get image reference
id: image
run: |
ACR_LOGIN_SERVER=$(az acr list --query "[0].loginServer" -o tsv)
SHA=${{ steps.get-sha.outputs.sha }}
echo "IMAGE_FULL=${ACR_LOGIN_SERVER}/test-micro-alex-stable-1:${SHA}" >> $GITHUB_ENV
echo "✓ Image: ${ACR_LOGIN_SERVER}/test-micro-alex-stable-1:${SHA}"
- name: Set environment
id: set-env
run: |
if [ "${{ gitea.event_name }}" = "workflow_dispatch" ]; then
ENV_ID="${{ gitea.event.inputs.environment }}"
else
ENV_ID="$DEFAULT_ENV_ID"
fi
ENV_ID="${ENV_ID:-dev}"
echo "ENV_ID=$ENV_ID" >> $GITHUB_OUTPUT
echo "ENV_ID=$ENV_ID" >> $GITHUB_ENV
echo "✓ Target environment: $ENV_ID"
- name: Get Humanitec credentials from Key Vault
run: |
HUMANITEC_TOKEN=$(az keyvault secret show \
--vault-name "bstage-cjot-dev-core-kv" \
--name "humanitec-api-token-v2" \
--query "value" -o tsv)
[ -z "$HUMANITEC_TOKEN" ] && echo "❌ Failed to retrieve HUMANITEC_TOKEN" && exit 1
echo "HUMANITEC_AUTH_TOKEN=$HUMANITEC_TOKEN" >> $GITHUB_ENV
HUMANITEC_ORG=$(az keyvault secret show \
--vault-name "bstage-cjot-dev-core-kv" \
--name "humanitec-org-id" \
--query "value" -o tsv)
[ -z "$HUMANITEC_ORG" ] && echo "❌ Failed to retrieve HUMANITEC_ORG" && exit 1
echo "HUMANITEC_ORG=$HUMANITEC_ORG" >> $GITHUB_ENV
echo "✓ Credentials retrieved"
- name: Deploy via Humanitec Score
run: |
# Pre-flight: wait for any prior deployment to finish before calling hctl.
# hctl refuses to start a new deployment while one is still executing.
echo "Pre-flight: checking for in-progress deployments..."
PREFLIGHT_WAITED=0
while [ $PREFLIGHT_WAITED -lt 300 ]; do
PREFLIGHT_STATUS=$(curl -sf \
-H "Authorization: Bearer $HUMANITEC_AUTH_TOKEN" \
"https://api.humanitec.dev/orgs/$HUMANITEC_ORG/last-deployments?env_id=$ENV_ID&project_id=$PROJECT_ID&state_change_only=true" \
| jq -r '.items[0].status // "none"' 2>/dev/null || echo "none")
if [ "$PREFLIGHT_STATUS" != "in progress" ] && [ "$PREFLIGHT_STATUS" != "pending" ] && [ "$PREFLIGHT_STATUS" != "executing" ]; then
echo "Pre-flight passed (status=$PREFLIGHT_STATUS). Proceeding."
break
fi
echo " Prior deployment still running ($PREFLIGHT_WAITED s elapsed, status=$PREFLIGHT_STATUS)..."
sleep 15
PREFLIGHT_WAITED=$((PREFLIGHT_WAITED + 15))
done
# First deploy — provisions all resources. On a brand-new Humanitec project the
# dns-k8s-ingress Terraform module runs before the K8s Service exists, so the
# ingress backend port falls back to 3000. A second deploy (below) corrects it
# once the Service is up, which is essential for apps not running on port 3000.
HCTL_EXIT=0
timeout 300 hctl score deploy "$PROJECT_ID" "$ENV_ID" score.yaml \
--no-prompt \
--default-image "$IMAGE_FULL" || HCTL_EXIT=$?
if [ "$HCTL_EXIT" -eq 0 ]; then
echo "✓ First deployment complete to $ENV_ID"
elif [ "$HCTL_EXIT" -eq 124 ]; then
echo "✓ First deployment submitted (polling timed out — waiting for K8s to settle)"
else
echo "✗ hctl failed with exit code $HCTL_EXIT"
exit $HCTL_EXIT
fi
# Poll Humanitec API until the first deployment is no longer in-progress before
# re-deploying. A flat sleep is unreliable — Terraform DNS modules can take 4-6 min.
echo "Waiting for first deployment to finish (polling Humanitec API)..."
MAX_WAIT=360
WAITED=0
while [ $WAITED -lt $MAX_WAIT ]; do
DEPLOY_STATUS=$(curl -sf \
-H "Authorization: Bearer $HUMANITEC_AUTH_TOKEN" \
"https://api.humanitec.dev/orgs/$HUMANITEC_ORG/last-deployments?env_id=$ENV_ID&project_id=$PROJECT_ID&state_change_only=true" \
| jq -r '.items[0].status // "unknown"' 2>/dev/null || echo "unknown")
if [ "$DEPLOY_STATUS" != "in progress" ] && [ "$DEPLOY_STATUS" != "pending" ] && [ "$DEPLOY_STATUS" != "executing" ]; then
echo "First deployment finished with status: $DEPLOY_STATUS"
break
fi
echo " Still running ($WAITED s elapsed, status=$DEPLOY_STATUS)..."
sleep 15
WAITED=$((WAITED + 15))
done
if [ $WAITED -ge $MAX_WAIT ]; then
echo "Warning: first deployment still running after $MAX_WAIT s — proceeding anyway"
fi
# Second deploy — dns module now reads the real K8s Service port, fixing the
# ingress backend. This is a no-op for apps already routed correctly (e.g. port 3000).
HCTL_EXIT2=0
timeout 120 hctl score deploy "$PROJECT_ID" "$ENV_ID" score.yaml \
--no-prompt \
--default-image "$IMAGE_FULL" || HCTL_EXIT2=$?
if [ "$HCTL_EXIT2" -eq 0 ]; then
echo "✓ Deployment finalised to $ENV_ID"
elif [ "$HCTL_EXIT2" -eq 124 ]; then
echo "✓ Second deployment submitted (polling timed out)"
else
echo "✗ Second hctl deploy failed with exit code $HCTL_EXIT2"
exit $HCTL_EXIT2
fi
- name: Deployment Summary
run: |
DEPLOY_URL="https://console.humanitec.dev/orgs/${HUMANITEC_ORG}/projects/$APP_ID"
echo "### 🚀 Deployment Complete" >> $GITHUB_STEP_SUMMARY
echo "| | |" >> $GITHUB_STEP_SUMMARY
echo "|---|---|" >> $GITHUB_STEP_SUMMARY
echo "| **Service** | $APP_ID |" >> $GITHUB_STEP_SUMMARY
echo "| **Environment** | $ENV_ID |" >> $GITHUB_STEP_SUMMARY
echo "| **Image** | $IMAGE_FULL |" >> $GITHUB_STEP_SUMMARY
echo "| **Humanitec** | [$DEPLOY_URL]($DEPLOY_URL) |" >> $GITHUB_STEP_SUMMARY

90
.gitea/workflows/techdocs.yml Normal file
View File

@@ -0,0 +1,90 @@
name: Build and Publish TechDocs
on:
workflow_run:
workflows: ["Build and Push to ACR"]
branches: [main]
types: [completed]
workflow_dispatch: {}
env:
AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
AZURE_ACCOUNT_NAME: "bstagecjotdevsttechdocs"
ENTITY_NAMESPACE: default
ENTITY_KIND: component
ENTITY_NAME: test-micro-alex-stable-1
jobs:
build-and-publish:
if: >-
${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Bootstrap pip
run: |
python3 --version
if python3 -m pip --version 2>/dev/null; then
echo "pip already available"
elif python3 -m ensurepip --version 2>/dev/null; then
python3 -m ensurepip --upgrade
else
apt-get update -qq
apt-get install -y python3-pip
fi
python3 -m pip install --upgrade pip
python3 -m pip --version
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install \
mkdocs-techdocs-core==1.* \
mkdocs-git-revision-date-localized-plugin \
mkdocs-awesome-pages-plugin
npm install -g @techdocs/cli
- name: Validate MkDocs config
run: mkdocs build --strict --site-dir /tmp/mkdocs-validate
- name: Build TechDocs site
run: |
techdocs-cli generate \
--source-dir . \
--output-dir ./site \
--no-docker \
--verbose
- name: Install Azure CLI
run: |
if command -v az &>/dev/null; then
echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
else
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
fi
- name: Azure login (OIDC)
run: |
az login \
--service-principal \
--username "$AZURE_CLIENT_ID" \
--tenant "$AZURE_TENANT_ID" \
--federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
echo "Azure login successful"
- name: Publish TechDocs site
run: |
techdocs-cli publish \
--publisher-type azureBlobStorage \
--storage-name "techdocs" \
--azureAccountName "$AZURE_ACCOUNT_NAME" \
--entity "$ENTITY_NAMESPACE/$ENTITY_KIND/$ENTITY_NAME"