enricobuehler f924ec7485 ci: pin action versions, inline docker login, parallelize builds
Three reliability+speed changes to the reusable build-deploy-game workflow:

- Pin actions/checkout, docker/setup-buildx-action, docker/build-push-action
  to immutable patch tags (v4.2.2, v3.10.0, v6.16.0). Moving major-version
  tags (`@v3`/`@v6`) gave the act-runner non-deterministic cache hashes; the
  remplir 1541 failure was act re-using a partial cache dir for `@v3` of
  docker/login-action with only `.gitignore` present and no `dist/index.js`.

- Replace docker/login-action with an inline `docker login --password-stdin`
  shell step in both build jobs. One less remote-action download per job =
  one less surface for the act partial-cache failure mode that broke 1541.

- Decouple build-web from deploy-api-core. Web build only needs the git
  checkout, not a running api-core (vite build is offline). deploy-web now
  gates on [build-web, deploy-api-core] so the runtime ordering is still
  api-core-before-web while the two image builds can run in parallel if the
  runner has any concurrency.

Also: drop the shared played/bun-cache references (was causing thrashing
between games writing to the same `:latest` tag) and flip per-game cache
to mode=max so the expensive bun-install + turbo-build layers are
actually reused on subsequent runs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 18:40:56 +02:00
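As an added example (not code from played/workflows or its author), the pinning policy the commit adopts expressed as a shell lint over a workflow file, plus the inline registry login written as a function. One caveat the commit message glosses over: a vX.Y.Z tag is still a git ref the upstream maintainer can move or re-point, so only a full 40-hex commit SHA is immutable; the lint accepts both, and a stricter supply-chain policy would accept SHAs only. The sample workflow, the `some-org/some-action` name and the registry argument to `registry_login` are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from played/workflows: list `uses:` refs in an
# Actions workflow that point at a moving ref (a bare major tag such as @v3,
# a branch such as @main, or no ref at all). A ref passes when it is a full
# vX.Y.Z tag, as the commit pins, or a 40-hex commit SHA. The sample workflow
# below is constructed; some-org/some-action is a made-up name.

# write_sample_workflow FILE: write the constructed sample workflow to FILE
write_sample_workflow() {
    cat > "$1" <<'EOF'
name: sample (constructed for this example)
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2
      - uses: docker/setup-buildx-action@v3.10.0
      - uses: docker/login-action@v3          # moving major tag: reported
      - uses: "docker/build-push-action@v6.16.0"
      - uses: some-org/some-action@0123456789abcdef0123456789abcdef01234567
  local:
    uses: ./.gitea/workflows/deploy-local.yml
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main            # branch ref: reported
EOF
}

# unpinned_uses FILE: print "FILE:LINE: REF" for each moving ref; return 1 if any
unpinned_uses() {
    f=$1 n=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *uses:*) ;;
            *) continue ;;
        esac
        # keep only the ref: drop the key, a trailing comment and any quotes
        ref=$(printf '%s\n' "$line" \
            | sed -e 's/.*uses:[[:space:]]*//' -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g")
        case $ref in ./*) continue ;; esac      # local workflow path: nothing to pin
        tag=${ref##*@}                          # whole ref if there is no '@'
        case $tag in
            v[0-9]*.[0-9]*.[0-9]*) continue ;;  # full patch tag, e.g. v4.2.2
        esac
        if printf '%s\n' "$tag" | grep -Eq '^[0-9a-f]{40}$'; then
            continue                            # commit SHA: the only immutable ref
        fi
        printf '%s:%s: %s\n' "$f" "$n" "$ref"
        rc=1
    done < "$f"
    return $rc
}

# registry_login REGISTRY: the inline login step the commit adopts. The token
# is piped on stdin, so it is neither a command-line argument visible in `ps`
# nor part of the echoed step command. REGISTRY_USER / REGISTRY_TOKEN are the
# caller secrets named in the README; REGISTRY is an assumed argument.
registry_login() {
    printf '%s' "$REGISTRY_TOKEN" | docker login "$1" -u "$REGISTRY_USER" --password-stdin
}

# Stand-alone demo: lint the file given as argument, or the constructed sample.
if [ $# -gt 0 ]; then
    unpinned_uses "$1"
else
    demo=${TMPDIR:-/tmp}/pin-lint-demo.$$.yml
    write_sample_workflow "$demo"
    unpinned_uses "$demo" || echo "moving refs found, see lines above"
    rm -f "$demo"
fi
```

Run it as `sh lint.sh .gitea/workflows/build-deploy-game.yml` to check a real workflow; a non-zero exit is what you would wire into a pre-merge check. The lint reads the file line by line rather than parsing YAML, which is enough for the flat `uses:` lines Actions workflows use but would miss a ref split across lines with a YAML continuation.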

played/workflows

Reusable Gitea Actions workflows for the played ecosystem.

build-deploy-game.yml

Drives the standard four-stage build-api-core → deploy-api-core → build-web → deploy-web pipeline for a played game.

Usage

Each game's .gitea/workflows/deploy.yml:

name: Build & Deploy <Game>
run-name: ${{ gitea.actor }} is deploying <game-id>

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build-deploy:
    uses: played/workflows/.gitea/workflows/build-deploy-game.yml@main
    with:
      game-id: <game-id>
    secrets: inherit

Required caller secrets

secrets: inherit makes all the calling repo's secrets available. The workflow reads:

| Secret | Purpose |
| --- | --- |
| BUILD_ENV | Full prod .env contents. Used as a Docker build secret (secret-files: env=...) AND written to ~/<game-id>-secrets/.env on the deploy VM. |
| NPMRC | ~/.npmrc content with @played:registry=... + auth tokens. |
| REGISTRY_USER / REGISTRY_TOKEN | Gitea container registry creds. |
| PLAYED_HOST / PLAYED_USER / PLAYED_PORT / PLAYED_SSH_KEY | Deploy target SSH. |
| STEP_CA_PROVISIONER_PASSWORD | For the cert-init container in compose.production.yml. |

Assumptions

  • The repo lives at git.unom.io/played/<game-id> (matches ${{ gitea.repository }}).
  • The VM working dir is ~/<game-id> (the deploy step cds there).
  • Secrets dir is ~/<game-id>-secrets/.
  • compose.production.yml defines api-core and web services, both with --env-file ~/<game-id>-secrets/.env.
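The README does not show the deploy step itself. The following added example (not the project's code) sketches how BUILD_ENV can be materialised at ~/<game-id>-secrets/.env under the layout the assumptions above describe: the file is written with owner-only permissions and replaced atomically, and a check confirms it stayed private, since a world-readable .env on a shared VM leaks every token the table above lists. The function names, the scratch-directory demo and the docker compose invocation are assumptions.

```shell
#!/bin/sh
# Added example, not code from played/workflows: materialise the BUILD_ENV
# secret on the deploy VM with owner-only permissions. Paths follow the
# README's assumptions (~/<game-id> working dir, ~/<game-id>-secrets/.env);
# the compose invocation and function names are assumed, not the project's.

# write_env_secret DIR CONTENT: write DIR/.env as 0600 inside a 0700 DIR.
# Runs in a subshell so the umask change does not leak into the caller; the
# temp file is renamed into place so a reader never sees a half-written .env.
write_env_secret() (
    dir=$1 content=$2
    umask 077
    mkdir -p "$dir"
    chmod 700 "$dir"
    tmp=$dir/.env.tmp.$$
    printf '%s\n' "$content" > "$tmp"
    chmod 600 "$tmp"
    mv -f "$tmp" "$dir/.env"
)

# env_file_is_private FILE: succeed only if FILE is a regular file with mode 0600
env_file_is_private() {
    [ -f "$1" ] && [ -n "$(find "$1" -perm 600)" ]
}

# dir_is_private DIR: succeed only if DIR exists with mode 0700
dir_is_private() {
    [ -d "$1" ] && [ -n "$(find "$1" -prune -perm 700)" ]
}

# deploy_game GAME_ID: the assumed shape of the deploy step. BUILD_ENV comes
# from the caller's secrets; compose.production.yml is assumed to reference
# ~/<game-id>-secrets/.env itself, as the README's last assumption states.
deploy_game() {
    game=$1
    write_env_secret "$HOME/$game-secrets" "$BUILD_ENV"
    env_file_is_private "$HOME/$game-secrets/.env" || return 1
    cd "$HOME/$game" || return 1
    docker compose -f compose.production.yml pull
    docker compose -f compose.production.yml up -d --remove-orphans
}

# Stand-alone demo against a scratch directory (no VM and no docker needed);
# the secret value is constructed.
demo=${TMPDIR:-/tmp}/env-secret-demo.$$
write_env_secret "$demo/demo-secrets" "EXAMPLE_KEY=constructed-value"
if env_file_is_private "$demo/demo-secrets/.env" && dir_is_private "$demo/demo-secrets"; then
    echo "secret materialised with owner-only permissions"
fi
rm -rf "$demo"
```

Keep `set -x` off around `write_env_secret` in a real step: shell tracing would echo the whole .env content into the runner log, which undoes the point of passing it as a secret.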