enricobuehler
a6e03d8886
Drives the standard four-stage build-api-core → deploy-api-core → build-web
→ deploy-web pipeline for a played game. Game repos invoke via:
jobs:
deploy:
uses: played/workflows/.gitea/workflows/build-deploy-game.yml@main
with:
game-id: <slug>
secrets: inherit
The caller's BUILD_ENV / NPMRC / REGISTRY_* / PLAYED_* /
STEP_CA_PROVISIONER_PASSWORD are inherited; `game-id` parameterizes the
VM paths (~/<id>, ~/<id>-secrets) and the docker tag context.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1.5 KiB
1.5 KiB
played/workflows
Reusable Gitea Actions workflows for the played ecosystem.
build-deploy-game.yml
Drives the standard four-stage build-api-core → deploy-api-core → build-web → deploy-web pipeline for a played game.
Usage
Each game's .gitea/workflows/deploy.yml:
name: Build & Deploy <Game>
run-name: ${{ gitea.actor }} is deploying <game-id>
on:
push:
branches: [main]
workflow_dispatch:
jobs:
build-deploy:
uses: played/workflows/.gitea/workflows/build-deploy-game.yml@main
with:
game-id: <game-id>
secrets: inherit
Required caller secrets
secrets: inherit makes all the calling repo's secrets available. The workflow reads:
| Secret | Purpose |
|---|---|
BUILD_ENV |
Full prod .env contents. Used as a Docker build secret (secret-files: env=...) AND written to ~/<game-id>-secrets/.env on the deploy VM. |
NPMRC |
~/.npmrc content with @played:registry=... + auth tokens. |
REGISTRY_USER / REGISTRY_TOKEN |
Gitea container registry creds. |
PLAYED_HOST / PLAYED_USER / PLAYED_PORT / PLAYED_SSH_KEY |
Deploy target SSH. |
STEP_CA_PROVISIONER_PASSWORD |
For the cert-init container in compose.production.yml. |
Assumptions
- The repo lives at
git.unom.io/played/<game-id>(matches${{ gitea.repository }}). - The VM working dir is
~/<game-id>(the deploy stepcds there). - Secrets dir is
~/<game-id>-secrets/. compose.production.ymldefinesapi-coreandwebservices, both with--env-file ~/<game-id>-secrets/.env.