adminpanel/.gitea/workflows/build.yml

name: adminpanel-ci-cd

# CI/CD: только push git-тега (ручное тегирование на ветке prod|test|stage).

on:
  push:
    tags:
      - 'adminpanel-v*'

env:
  REGISTRY: gitea-http.gitea.svc.cluster.local:3000
  IMAGE: gitea-http.gitea.svc.cluster.local:3000/sova/adminpanel
  IMAGE_DEPLOY: git.sova.local/sova/adminpanel

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '24'
      - name: Install dependencies
        run: |
          if [ -f package-lock.json ]; then npm ci; else npm install; fi
      - run: npm run build

  parse-tag:
    runs-on: ubuntu-latest
    outputs:
      full_tag: ${{ steps.meta.outputs.full_tag }}
      env: ${{ steps.meta.outputs.env }}
      version: ${{ steps.meta.outputs.version }}
    steps:
      - name: Parse tag
        id: meta
        run: |
          TAG="${GITHUB_REF#refs/tags/}"
          echo "full_tag=$TAG" >> "$GITHUB_OUTPUT"
          echo "env=$(echo "$TAG" | sed -E 's/adminpanel-v([0-9.]+)-([a-z]+)/\2/')" >> "$GITHUB_OUTPUT"
          echo "version=$(echo "$TAG" | sed -E 's/adminpanel-v([0-9.]+).*/\1/')" >> "$GITHUB_OUTPUT"

  build-and-push:
    needs: [test, parse-tag]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Docker login
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          echo "${REGISTRY_PASSWORD}" | docker login "$REGISTRY" -u "${REGISTRY_USER}" --password-stdin
      - name: Build and push
        run: |
          TAG="${{ needs.parse-tag.outputs.full_tag }}"
          docker build -f Dockerfile -t "$IMAGE:${TAG}" -t "$IMAGE:${{ needs.parse-tag.outputs.version }}" .
          docker push "$IMAGE:${TAG}"
          docker push "$IMAGE:${{ needs.parse-tag.outputs.version }}"

  deploy-gitops:
    needs: [build-and-push, parse-tag]
    runs-on: ubuntu-latest
    steps:
      - name: Bump image tag in sova-deploy
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
          DEPLOY_USER: ${{ secrets.REGISTRY_USER }}
        run: |
          REPO_URL="http://${DEPLOY_USER}:${DEPLOY_TOKEN}@gitea-http.gitea.svc.cluster.local:3000/sova/sova-deploy.git"
          ENV="${{ needs.parse-tag.outputs.env }}"
          TAG="${{ needs.parse-tag.outputs.full_tag }}"
          case "${ENV}" in
            test|stage|prod) ;;
            *) echo "Unknown env from tag: ${ENV}"; exit 1 ;;
          esac
          git clone --branch "${ENV}" --single-branch "${REPO_URL}" sova-deploy 2>/dev/null \
            || { git clone "${REPO_URL}" sova-deploy && cd sova-deploy && git checkout -B "${ENV}"; }
          cd sova-deploy
          git config user.email "ci-bot@sova.local"
          git config user.name "sova-ci"
          MAX_RETRIES=5
          case "$(uname -m)" in
            x86_64|amd64) YQ_ARCH=amd64 ;;
            aarch64|arm64) YQ_ARCH=arm64 ;;
            *) echo "Unsupported arch: $(uname -m)"; exit 1 ;;
          esac
          curl -sSL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_${YQ_ARCH}"
          chmod +x /usr/local/bin/yq
          for attempt in $(seq 1 $MAX_RETRIES); do
            git pull --rebase origin "${ENV}"
            yq -i ".image.repository = \"${IMAGE_DEPLOY}\"" "apps/adminpanel/values-${ENV}.yaml"
            yq -i ".image.tag = \"${TAG}\"" "apps/adminpanel/values-${ENV}.yaml"
            yq -i ".image.pullPolicy = \"IfNotPresent\"" "apps/adminpanel/values-${ENV}.yaml"
            git add "apps/adminpanel/values-${ENV}.yaml"
            git diff --cached --quiet && { echo "No changes"; exit 0; }
            git commit -m "chore(adminpanel): bump ${ENV} to ${TAG}"
            if git push origin "${ENV}"; then
              echo "Push OK on attempt ${attempt}"
              exit 0
            fi
            echo "Push failed, retry ${attempt}/${MAX_RETRIES}..."
            git reset --hard HEAD~1
            sleep $((attempt * 2))
          done
          echo "Failed to push after ${MAX_RETRIES} attempts"
          exit 1