name: adminpanel-ci-cd # Pre-deploy: Jest + coverage on test|stage tags. Prod — без автотестов. on: push: tags: - 'adminpanel-v*' env: REGISTRY: gitea-http.gitea.svc.cluster.local:3000 IMAGE: gitea-http.gitea.svc.cluster.local:3000/sova/adminpanel IMAGE_DEPLOY: git.sova.local/sova/adminpanel jobs: parse-tag: runs-on: ubuntu-latest outputs: full_tag: ${{ steps.meta.outputs.full_tag }} env: ${{ steps.meta.outputs.env }} version: ${{ steps.meta.outputs.version }} steps: - name: Parse tag id: meta run: | TAG="${GITHUB_REF#refs/tags/}" echo "full_tag=$TAG" >> "$GITHUB_OUTPUT" echo "env=$(echo "$TAG" | sed -E 's/adminpanel-v([0-9.]+)-([a-z]+)/\2/')" >> "$GITHUB_OUTPUT" echo "version=$(echo "$TAG" | sed -E 's/adminpanel-v([0-9.]+).*/\1/')" >> "$GITHUB_OUTPUT" test: needs: [parse-tag] if: needs.parse-tag.outputs.env != 'prod' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: '24' - name: Install dependencies run: | if [ -f package-lock.json ]; then npm ci; else npm install; fi - name: Lint run: npm run lint - name: Unit tests + coverage run: npm run test:ci - name: Build run: npm run build - name: Upload coverage if: always() uses: actions/upload-artifact@v4 with: name: adminpanel-coverage-${{ needs.parse-tag.outputs.full_tag }} path: coverage/ retention-days: 14 test-prod-skip: needs: [parse-tag] if: needs.parse-tag.outputs.env == 'prod' runs-on: ubuntu-latest steps: - run: echo "Prod tag — automated tests skipped." build-and-push: needs: [parse-tag, test, test-prod-skip] if: always() && (needs.test.result == 'success' || needs.test.result == 'skipped') && (needs.test-prod-skip.result == 'success' || needs.test-prod-skip.result == 'skipped') runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Docker login env: REGISTRY_USER: ${{ secrets.REGISTRY_USER }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} run: | echo "${REGISTRY_PASSWORD}" | docker login "$REGISTRY" -u "${REGISTRY_USER}" --password-stdin - name: Build and push run: | TAG="${{ needs.parse-tag.outputs.full_tag }}" docker build -f Dockerfile -t "$IMAGE:${TAG}" -t "$IMAGE:${{ needs.parse-tag.outputs.version }}" . docker push "$IMAGE:${TAG}" docker push "$IMAGE:${{ needs.parse-tag.outputs.version }}" deploy-gitops: needs: [build-and-push, parse-tag] runs-on: ubuntu-latest steps: - name: Bump image tag in sova-deploy env: DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }} DEPLOY_USER: ${{ secrets.REGISTRY_USER }} run: | REPO_URL="http://${DEPLOY_USER}:${DEPLOY_TOKEN}@gitea-http.gitea.svc.cluster.local:3000/sova/sova-deploy.git" ENV="${{ needs.parse-tag.outputs.env }}" TAG="${{ needs.parse-tag.outputs.full_tag }}" case "${ENV}" in test|stage|prod) ;; *) echo "Unknown env from tag: ${ENV}"; exit 1 ;; esac git clone --branch "${ENV}" --single-branch "${REPO_URL}" sova-deploy 2>/dev/null \ || { git clone "${REPO_URL}" sova-deploy && cd sova-deploy && git checkout -B "${ENV}"; } cd sova-deploy git config user.email "ci-bot@sova.local" git config user.name "sova-ci" MAX_RETRIES=5 case "$(uname -m)" in x86_64|amd64) YQ_ARCH=amd64 ;; aarch64|arm64) YQ_ARCH=arm64 ;; *) echo "Unsupported arch: $(uname -m)"; exit 1 ;; esac curl -sSL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_${YQ_ARCH}" chmod +x /usr/local/bin/yq for attempt in $(seq 1 $MAX_RETRIES); do git pull --rebase origin "${ENV}" yq -i ".image.repository = \"${IMAGE_DEPLOY}\"" "apps/adminpanel/values-${ENV}.yaml" yq -i ".image.tag = \"${TAG}\"" "apps/adminpanel/values-${ENV}.yaml" yq -i ".image.pullPolicy = \"IfNotPresent\"" "apps/adminpanel/values-${ENV}.yaml" git add "apps/adminpanel/values-${ENV}.yaml" git diff --cached --quiet && { echo "No changes"; exit 0; } git commit -m "chore(adminpanel): bump ${ENV} to ${TAG}" if git push origin "${ENV}"; then exit 0; fi git reset --hard HEAD~1 sleep $((attempt * 2)) done exit 1