0c5f9a347a588d90dad340f71b44bac5389d8d82
Two failing runs across refaire (run 1709) and rememed (run 1624)
both crash at the same step (`Set up Docker Buildx`) with a node error
on dist/index.js line 1, AND both reference the same act cache dir:
/root/.cache/act/6a647958c11e138a6cfcaf32d2b372bc8e0c97871d617bfb441d003d505b77cf
act keys remote-action cache entries by repo URL alone — pinning to
`@v3.10.0` doesn't help, every game that uses
`docker/setup-buildx-action` lands in the same dir. When you push N
games at once on
home-runner-1, the act-runner does parallel `git clone` ops into that
shared dir; the loser's pull aborts ("worktree contains unstaged
changes") and leaves dist/ half-written, so the next job's `node
dist/index.js` throws on line 1 → step fails. That's the entire flake.
Fix: drop the two remote actions that were racing — setup-buildx-action
and build-push-action — and replace them with inline `docker buildx
create` + `docker buildx build --push` shell. Nothing is fetched from
GitHub at runtime, no cache dir is shared, the failure mode disappears.
Same image, same tags, same registry mirror, same cache-from/cache-to
shape, same secret-files mount (`--secret id=...,src=...`). Each job
gets a uniquely-named builder (`builder-<game>-<api-core|web>`) and a
teardown step so the runner host's docker state doesn't accumulate
abandoned builders.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
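The inline replacement the commit message describes, written out as an added example (this is not the played/workflows repo's own step, and it is not from the commit): one uniquely-named builder per job, the build pushed through that builder with registry cache and a file-mounted secret, and a teardown that runs on every exit path. The argument layout, the `:buildcache` registry ref used for `--cache-from`/`--cache-to`, the secret id `env`, and the `DOCKER` override used by the test are assumptions; the registry mirror the commit mentions is builder configuration the page does not show, so it is left out.

```shell
#!/usr/bin/env bash
# Added example, not code from the played/workflows repo: the inline
# `docker buildx create` + `docker buildx build --push` step from the
# commit message, as a script a workflow job can call.
# Assumed (not from the page): argument layout, the `:buildcache`
# registry ref for cache-from/cache-to, and the secret id `env`.
set -eu

# DOCKER lets a test point this at a stub such as `echo`; the workflow
# leaves it at the default.
DOCKER="${DOCKER:-docker}"

# One builder per (game, component) so parallel jobs on the same runner
# never share, or tear down, each other's builder.
builder_name() {
  printf 'builder-%s-%s\n' "$1" "$2"
}

# Runs on every exit path (success, failure, runner cancel) so the host
# does not accumulate abandoned builders. A failed rm must not mask the
# build's own exit status, hence `|| true`.
teardown() {
  "$DOCKER" buildx rm --force "$BUILDER" || true
}

# build_and_push <game> <api-core|web> <image> <tag> <dockerfile> <secret-file>
build_and_push() {
  local game="$1" component="$2" image="$3" tag="$4" dockerfile="$5" secret_file="$6"
  BUILDER="$(builder_name "$game" "$component")"
  trap teardown EXIT

  # Deliberately no `--use`: that writes the "current builder" into the
  # shared ~/.docker config, which parallel jobs on one runner would race
  # on. The builder is named explicitly on the build command instead.
  "$DOCKER" buildx create --name "$BUILDER" --driver docker-container

  # Secret is mounted from a file for the build only; it never lands in
  # a layer. Cache ref is a separate tag in the same registry (assumed).
  "$DOCKER" buildx build --push \
    --builder "$BUILDER" \
    --file "$dockerfile" \
    --tag "$image:$tag" \
    --cache-from "type=registry,ref=$image:buildcache" \
    --cache-to "type=registry,ref=$image:buildcache,mode=max" \
    --secret "id=env,src=$secret_file" \
    .
}

# Invoked with exactly six arguments from the workflow step; running it
# with none only defines the functions.
if [ "$#" -eq 6 ]; then
  build_and_push "$@"
fi
```

In a workflow the teardown would normally be its own step guarded so it runs even when the build step fails; the `trap` here does the same inside one step. The `--use` point is the caveat worth keeping when adapting this: `docker buildx create --use` records the current builder in the invoking user's docker config, so two jobs on the same runner that both pass `--use` can still step on each other even though their builder names differ; passing `--builder` to `buildx build` avoids touching that shared state.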
played/workflows
Reusable Gitea Actions workflows for the played ecosystem.
build-deploy-game.yml
Drives the standard four-stage `build-api-core` → `deploy-api-core` → `build-web` → `deploy-web` pipeline for a played game.
Usage
Each game's `.gitea/workflows/deploy.yml`:

```yaml
name: Build & Deploy <Game>
run-name: ${{ gitea.actor }} is deploying <game-id>
on:
  push:
    branches: [main]
  workflow_dispatch:
jobs:
  build-deploy:
    uses: played/workflows/.gitea/workflows/build-deploy-game.yml@main
    with:
      game-id: <game-id>
    secrets: inherit
```
Required caller secrets
`secrets: inherit` makes all the calling repo's secrets available. The workflow reads:

| Secret | Purpose |
|---|---|
| `BUILD_ENV` | Full prod `.env` contents. Used as a Docker build secret (`secret-files: env=...`) AND written to `~/<game-id>-secrets/.env` on the deploy VM. |
| `NPMRC` | `~/.npmrc` content with `@played:registry=...` + auth tokens. |
| `REGISTRY_USER` / `REGISTRY_TOKEN` | Gitea container registry creds. |
| `PLAYED_HOST` / `PLAYED_USER` / `PLAYED_PORT` / `PLAYED_SSH_KEY` | Deploy target SSH. |
| `STEP_CA_PROVISIONER_PASSWORD` | For the cert-init container in `compose.production.yml`. |
Assumptions
- The repo lives at `git.unom.io/played/<game-id>` (matches `${{ gitea.repository }}`).
- The VM working dir is `~/<game-id>` (the deploy step `cd`s there).
- Secrets dir is `~/<game-id>-secrets/`.
- `compose.production.yml` defines `api-core` and `web` services, both with `--env-file ~/<game-id>-secrets/.env`.