played/workflows
4
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Initial: build-deploy-game.yml reusable workflow

Browse Source 
Drives the standard four-stage build-api-core → deploy-api-core → build-web
→ deploy-web pipeline for a played game. Game repos invoke via:

  jobs:
    deploy:
      uses: played/workflows/.gitea/workflows/build-deploy-game.yml@main
      with:
        game-id: <slug>
      secrets: inherit

The caller's BUILD_ENV / NPMRC / REGISTRY_* / PLAYED_* /
STEP_CA_PROVISIONER_PASSWORD are inherited; `game-id` parameterizes the
VM paths (~/<id>, ~/<id>-secrets) and the docker tag context.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Enrico Bühler
2026-05-19 19:00:55 +02:00
commit a6e03d8886
3 changed files with 261 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+47
View File
@@ -0,0 +1,47 @@
# played/workflows
Reusable Gitea Actions workflows for the played ecosystem.
## `build-deploy-game.yml`
Drives the standard four-stage `build-api-core → deploy-api-core → build-web → deploy-web` pipeline for a played game.
### Usage
Each game's `.gitea/workflows/deploy.yml`:
```yaml
name: Build & Deploy <Game>
run-name: ${{ gitea.actor }} is deploying <game-id>
on:
push:
branches: [main]
workflow_dispatch:
jobs:
build-deploy:
uses: played/workflows/.gitea/workflows/build-deploy-game.yml@main
with:
game-id: <game-id>
secrets: inherit
```
### Required caller secrets
`secrets: inherit` makes all the calling repo's secrets available. The workflow reads:
| Secret | Purpose |
| ------ | ------- |
| `BUILD_ENV` | Full prod `.env` contents. Used as a Docker build secret (`secret-files: env=...`) AND written to `~/<game-id>-secrets/.env` on the deploy VM. |
| `NPMRC` | `~/.npmrc` content with `@played:registry=...` + auth tokens. |
| `REGISTRY_USER` / `REGISTRY_TOKEN` | Gitea container registry creds. |
| `PLAYED_HOST` / `PLAYED_USER` / `PLAYED_PORT` / `PLAYED_SSH_KEY` | Deploy target SSH. |
| `STEP_CA_PROVISIONER_PASSWORD` | For the `cert-init` container in `compose.production.yml`. |
### Assumptions
- The repo lives at `git.unom.io/played/<game-id>` (matches `${{ gitea.repository }}`).
- The VM working dir is `~/<game-id>` (the deploy step `cd`s there).
- Secrets dir is `~/<game-id>-secrets/`.
- `compose.production.yml` defines `api-core` and `web` services, both with `--env-file ~/<game-id>-secrets/.env`.