diff --git a/.gitea/actions/notify/action.yaml b/.gitea/actions/notify/action.yaml
deleted file mode 100644
index 225b771..0000000
--- a/.gitea/actions/notify/action.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: 'notify'
-description: 'notify'
-
-inputs:
- result:
- required: false
- default: "failure"
- type: string
- name:
- required: false
- type: string
- default: build
- secrets:
- required: false
- type: string
-
-
-
-runs:
- using: 'composite'
- steps:
- - uses: dosymep/vk-teams-action@v1.0.0
- env:
- ICONS: '{"success":"✅","failure":"❌","canceled":"🤦","started":"⚠️"}'
- with:
- token: ${{ fromJSON(inputs.secrets).VK_TEAMS_BOT_TOKEN }}
- to: ${{ fromJSON(inputs.secrets).VK_TEAMS_CHAT_ID }}
- format: MarkdownV2
- message: |
- ${{ github.repository }} \[${{inputs.name}}\]\(${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}\) was ${{ inputs.result }} by ${{ github.event.sender.login }} ${{ fromJson(env.ICONS)[inputs.result] }}
-
diff --git a/.gitea/actions/vk-notify/action.yaml b/.gitea/actions/vk-notify/action.yaml
new file mode 100644
index 0000000..5f033de
--- /dev/null
+++ b/.gitea/actions/vk-notify/action.yaml
@@ -0,0 +1,60 @@
+name: 'notify'
+description: 'Send VK Teams notification'
+
+inputs:
+ result:
+ required: false
+ default: "failure"
+ type: string
+ name:
+ required: false
+ type: string
+ default: build
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Resolve token/from env if missing
+ shell: bash
+ run: |
+ if [ -z "${{ inputs.token }}" ] && [ -n "${VK_TEAMS_BOT_TOKEN}" ]; then
+ echo "token=${VK_TEAMS_BOT_TOKEN}" >> $GITHUB_ENV
+ fi
+ if [ -z "${{ inputs.to }}" ] && [ -n "${VK_TEAMS_CHAT_ID}" ]; then
+ echo "to=${VK_TEAMS_CHAT_ID}" >> $GITHUB_ENV
+ fi
+
+ - name: Set icon
+ id: icon
+ shell: bash
+ run: |
+ case "${{ inputs.result }}" in
+ success) echo "ICON=✅" >> $GITHUB_ENV ;;
+ failure) echo "ICON=❌" >> $GITHUB_ENV ;;
+ canceled) echo "ICON=🤦" >> $GITHUB_ENV ;;
+ started) echo "ICON=⚠️" >> $GITHUB_ENV ;;
+ *) echo "ICON=ℹ️" >> $GITHUB_ENV ;;
+ esac
+
+ - name: Notify VK Teams (native)
+ if: always()
+ shell: bash
+ continue-on-error: true
+ run: |
+ echo "[DEBUG] Sending VK Teams notification..."
+ curl -G "https://myteam.mail.ru/bot/v1/messages/sendText" \
+ --data-urlencode "token=${{ env.token }}" \
+ --data-urlencode "chatId=${{ env.to }}" \
+ --data-urlencode "parseMode=MarkdownV2" \
+ --data-urlencode "text=*${{ github.repository }}* - [${{ inputs.name }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}) was *${{ inputs.result }}* by ${{ github.event.sender.login }} ${{ env.ICON }}"
+
+ CODE=$?
+ if [ $CODE -ne 0 ]; then
+ echo "[WARN] VK Teams notification failed with exit code $CODE"
+ else
+ echo "[INFO] VK Teams notification sent successfully"
+ fi
+
+ # Делаем паузу, чтобы убедиться, что сообщение дошло
+ echo "[DEBUG] Sleeping 5s to ensure delivery..."
+ sleep 5
\ No newline at end of file
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 0296c6e..a36bfc6 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
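Review bot: The `Set icon` and `Notify VK Teams (native)` scripts in the new vk-notify/action.yaml expand `${{ inputs.result }}`, `${{ inputs.name }}` and `${{ github.event.sender.login }}` directly into bash, and the callers in this commit build `name` from `inputs.tag`, so the shell parses those values as script text before curl ever sees them. They should be mapped through `env:` and referenced as quoted shell variables. The first step also copies the bot token into `$GITHUB_ENV` under the name `token`, which exports it to every later step of the calling job; `inputs.token` and `inputs.to` are not declared, so that step can be dropped and curl can read `VK_TEAMS_BOT_TOKEN` directly. Without `--fail` curl exits 0 on an HTTP error response, so the WARN branch only sees transport failures, and it is likely never reached if the runner starts bash with `-e`, as GitHub's `shell: bash` does. `-G` also places the token in the request URL, where proxies and access logs may record it, so a POST body is preferable if the API accepts one.

```yaml
    - name: Notify VK Teams (native)
      if: always()
      shell: bash
      continue-on-error: true
      env:
        RESULT: ${{ inputs.result }}
        NAME: ${{ inputs.name }}
        REPO: ${{ github.repository }}
        RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}
        SENDER: ${{ github.event.sender.login }}
      run: |
        # … unchanged: debug echo; ICON is still read from the environment …
        if curl --fail --silent --show-error -G "https://myteam.mail.ru/bot/v1/messages/sendText" \
          --data-urlencode "token=${VK_TEAMS_BOT_TOKEN}" \
          --data-urlencode "chatId=${VK_TEAMS_CHAT_ID}" \
          --data-urlencode "parseMode=MarkdownV2" \
          --data-urlencode "text=*${REPO}* - [${NAME}](${RUN_URL}) was *${RESULT}* by ${SENDER} ${ICON}"; then
          echo "[INFO] VK Teams notification sent successfully"
        else
          echo "[WARN] VK Teams notification failed with exit code $?"
        fi
        # … unchanged: delivery pause …
```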
@@ -11,7 +11,14 @@ on: force_build: type: boolean default: false - + arch: + type: string + default: "linux/amd64,linux/arm64/v8" + secrets: + VK_TEAMS_BOT_TOKEN: + required: true + VK_TEAMS_CHAT_ID: + required: true jobs: build: 
@@ -20,52 +27,102 @@ jobs: CR_REGISTRY: crp8vh46gd976oq8ipla CR_REPO: ${{ github.event.repository.name }} IMAGE_TAG: ${{ github.sha }} - steps: - - name: Checkout - uses: actions/checkout@master - - name: Checkout LFS - if: ${{ inputs.lfs }} - run: | - UrlBase=$GITHUB_SERVER_URL; \ - UrlLfsBase=$UrlBase/${{ github.repository }}.git/info/lfs/objects; \ - Auth=`/usr/bin/git config --get --local http.$UrlBase/.extraheader`; \ - /usr/bin/git config --local http.${UrlLfsBase}/batch.extraheader "$Auth"; \ - /usr/bin/git config --local http.${UrlLfsBase}/.extraheader '' - git config --local lfs.transfer.maxretries 1 - git ls-remote - git lfs checkout - git lfs fetch - git lfs pull - #git lfs fetch origin refs/heads/${{ github.head_ref || github.ref_name }} + steps: + - name: Notify (started) + uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/vk-notify@main + env: + VK_TEAMS_BOT_TOKEN: ${{ secrets.VK_TEAMS_BOT_TOKEN }} + VK_TEAMS_CHAT_ID: ${{ secrets.VK_TEAMS_CHAT_ID }} + with: + result: started + name: build tag ${{ inputs.tag }} + + - uses: actions/checkout@v4 + with: + lfs: ${{ inputs.lfs }} + - name: Use ssh key uses: webfactory/ssh-agent@v0.9.0 with: - ssh-private-key: | - ${{ secrets.LIB_SSH_KEY }} - ${{ secrets.LIB_NEW_SSH_KEY }} - - name: Build Docker image - run: | - if [ "$NO_CACHE" == "true" ]; then - docker build -t cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} --no-cache --ssh default . - else - docker build -t cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} --ssh default . 
- fi - env: - NO_CACHE: ${{ inputs.force_build || 'false' }} + ssh-private-key: | + ${{ secrets.LIB_SSH_KEY }} + ${{ secrets.LIB_NEW_SSH_KEY }} + - name: Yandex Cloud Login uses: yc-actions/yc-cr-login@v2 with: yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }} - - name: Tag image - env: - INPUT_TAG: ${{ inputs.tag }} + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + install: true + + - name: Shorten commit SHA + run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV + + - name: Normalize tag + id: normalize run: | - echo ${INPUT_TAG/\//-} ${IMAGE_TAG::7} $INPUT_TAG $IMAGE_TAG - docker tag cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} cr.yandex/$CR_REGISTRY/$CR_REPO:${INPUT_TAG/\//-} - - name: Push image - env: - INPUT_TAG: ${{ inputs.tag }} + SAFE_TAG=$(echo "${{ inputs.tag }}" | tr '/' '-') + echo "SAFE_TAG=$SAFE_TAG" >> $GITHUB_ENV + + - name: Restore Docker layer cache + uses: actions/cache/restore@v4 + with: + path: /cache/${{ github.repository }}/buildx-cache + key: ${{ runner.os }}-${{ github.repository }}-buildx-${{ hashFiles(format('{0}/Dockerfile', github.workspace), format('{0}/**/requirements.txt', github.workspace), format('{0}/**/*lock*', github.workspace), format('{0}/**/package-lock.json', github.workspace), format('{0}/**/poetry.lock', github.workspace)) }} + restore-keys: | + ${{ runner.os }}-${{ github.repository }}-buildx- + ${{ runner.os }}-buildx- + + - name: Build and push multi-arch image + id: build-step + uses: docker/build-push-action@v6 + with: + push: true + context: . 
+ builder: ${{ steps.buildx.outputs.name }} + tags: | + cr.yandex/${{ env.CR_REGISTRY }}/${{ env.CR_REPO }}:${{ env.SHORT_SHA }} + cr.yandex/${{ env.CR_REGISTRY }}/${{ env.CR_REPO }}:${{ env.SAFE_TAG }} + platforms: ${{ inputs.arch }} + ssh: default + no-cache: ${{ inputs.force_build }} + build-args: | + GIT_COMMIT=${{ github.sha }} + cache-from: | + type=local,src=/cache/${{ github.repository }}/buildx-cache + cache-to: | + type=local,dest=/cache/${{ github.repository }}/buildx-cache-new,mode=max + + - name: Move new cache if it exists + if: always() run: | - docker push cr.yandex/$CR_REGISTRY/$CR_REPO:${IMAGE_TAG::7} - docker push cr.yandex/$CR_REGISTRY/$CR_REPO:${INPUT_TAG/\//-} \ No newline at end of file + mkdir -p /cache/${{ github.repository }} + if [ -d /cache/${{ github.repository }}/buildx-cache-new ]; then + echo "Found new buildx cache, replacing old one..." + rm -rf /cache/${{ github.repository }}/buildx-cache + mv /cache/${{ github.repository }}/buildx-cache-new /cache/${{ github.repository }}/buildx-cache + else + echo "No new buildx cache found, keeping old one." + fi + + - name: Save Docker layer cache + if: always() + uses: actions/cache/save@v4 + with: + path: /cache/${{ github.repository }}/buildx-cache + key: ${{ runner.os }}-${{ github.repository }}-buildx-${{ hashFiles(format('{0}/Dockerfile', github.workspace), format('{0}/**/requirements.txt', github.workspace), format('{0}/**/*lock*', github.workspace), format('{0}/**/package-lock.json', github.workspace), format('{0}/**/poetry.lock', github.workspace)) }} + + - name: Notify (result) + if: always() + uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/vk-notify@main + env: + VK_TEAMS_BOT_TOKEN: ${{ secrets.VK_TEAMS_BOT_TOKEN }} + VK_TEAMS_CHAT_ID: ${{ secrets.VK_TEAMS_CHAT_ID }} + with: + result: ${{ steps.build-step.outcome }} + name: build tag ${{ inputs.tag }} diff --git a/.github/workflows/deployk8s.yaml b/.github/workflows/deployk8s.yaml index 46e7da0..12a9f89 100644 
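Review bot: The `Normalize tag` step in the second build.yaml hunk expands `${{ inputs.tag }}` straight into the shell script, so a tag containing quotes or a command substitution is parsed as shell before `tr` runs. The removed `Tag image` and `Push image` steps passed it through `env: INPUT_TAG`, so this is a regression. Keep that mapping, `env:` with `INPUT_TAG: ${{ inputs.tag }}`, and compute `SAFE_TAG=${INPUT_TAG//\//-}`; a value containing a newline should also be rejected before it is appended to `$GITHUB_ENV`. Separately, both notify steps hand the bot token to `vk-notify@main`, a branch ref that can move; pinning it to a commit SHA keeps a later push to that branch from changing what runs with the secret. The same ref is used in deployk8s.yaml.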
--- a/.github/workflows/deployk8s.yaml +++ b/.github/workflows/deployk8s.yaml @@ -24,7 +24,7 @@ on: jobs: deploy: - if: contains(format(',{0},', vars.ADMIN_USERS), format(',{0},', github.actor)) || inputs.environment=='stage' + if: ${{ contains(format(',{0},', vars.ADMIN_USERS), format(',{0},', github.actor)) || startsWith(inputs.environment, 'stage') }} runs-on: ubuntu-latest env: CR_REGISTRY: crp8vh46gd976oq8ipla @@ -32,24 +32,27 @@ jobs: TAG: ${{ inputs.tag }} steps: - name: notify - uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/notify@HEAD + uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/vk-notify@main + env: + VK_TEAMS_BOT_TOKEN: ${{ secrets.VK_TEAMS_BOT_TOKEN }} + VK_TEAMS_CHAT_ID: ${{ secrets.VK_TEAMS_CHAT_ID }} with: result: 'started' - secrets: ${{ toJSON(secrets) }} name: deploy ${{ inputs.environment }} tag ${{ inputs.tag }} - name: deploy + id: k8s_deploy uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/k8s@HEAD with: secrets: ${{ toJSON(secrets) }} environment: ${{ inputs.environment }} tag: ${{ inputs.tag }} migrate: ${{ inputs.migrate }} - - notify: - needs: [deploy] - if: always() - uses: HUB/workflows/.github/workflows/notify.yaml@main - with: - result: ${{ needs.deploy.result}} - name: k8s deploy ${{ inputs.environment }} tag ${{ inputs.tag }} - secrets: inherit \ No newline at end of file + - name: post-notify + if: always() + uses: https://bb.hublab.ru/HUB/workflows/.gitea/actions/vk-notify@main + env: + VK_TEAMS_BOT_TOKEN: ${{ secrets.VK_TEAMS_BOT_TOKEN }} + VK_TEAMS_CHAT_ID: ${{ secrets.VK_TEAMS_CHAT_ID }} + with: + result: ${{ steps.k8s_deploy.outcome }} + name: k8s deploy ${{ inputs.environment }} tag ${{ inputs.tag }} diff --git a/.github/workflows/notify.yaml b/.github/workflows/notify.yaml index c37c31c..d8d2170 100644 --- a/.github/workflows/notify.yaml +++ b/.github/workflows/notify.yaml 
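Review bot: `startsWith(inputs.environment, 'stage')` in the job-level `if:` lets an actor outside `vars.ADMIN_USERS` deploy to every environment whose name begins with `stage`, where the previous condition matched exactly one name. If the set of environments open to non-admins is known, an explicit list is tighter, e.g. `contains(fromJSON('["stage","stage-2"]'), inputs.environment)` (the names here are constructed examples). The environment names the k8s action accepts are not visible in this hunk, so whether an unintended prefix match exists today should be checked against that action.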
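Review bot: The notify steps now receive only the two VK Teams secrets, but the `deploy` step in the same job still passes `secrets: ${{ toJSON(secrets) }}` to `k8s@HEAD`, so every secret visible to the workflow goes to an action resolved from a moving ref. Passing only the secrets the k8s action actually reads, and pinning it to a commit SHA, would bring it in line with what this commit does for notifications. Which secrets the k8s action needs is not visible here.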
@@ -1,5 +1,3 @@ -env: - icons: '{"success" : ":white_check_mark:", "failure": ":x:", "canceled": ":facepalm:", "started": ":warning:", "": ":boxing_glove:"}' on: workflow_call: inputs: @@ -15,11 +13,13 @@ jobs: notify: runs-on: gpu steps: - - uses: mattermost/action-mattermost-notify@master - with: - MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} - PAYLOAD: | - { - "text": "${{ github.repository }} [${{inputs.name}}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}) was ${{ inputs.result }} by ${{ github.event.sender.login}} ${{ fromJson(env.icons)[inputs.result]}}" - } - + - uses: dosymep/vk-teams-action@v1.0.0 + env: + ICONS: '{"success":"✅","failure":"❌","canceled":"🤦","started":"⚠️"}' + with: + token: ${{ secrets.VK_TEAMS_BOT_TOKEN }} + to: ${{ secrets.VK_TEAMS_CHAT_ID }} + format: MarkdownV2 + message: | + ${{ github.repository }} \[${{inputs.name}}\]\(${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}\) was ${{ inputs.result }} by ${{ github.event.sender.login }} ${{ fromJson(env.ICONS)[inputs.result] }} +
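Review bot: The new `ICONS` map in notify.yaml drops the `""` fallback entry the Mattermost version had and keeps the `canceled` spelling, while job and step results are reported as `cancelled`. As a result `fromJson(env.ICONS)[inputs.result]` yields nothing for a cancelled, skipped or empty result. Adding a `"cancelled"` key, plus an entry for the empty result, would cover it. The `case` in vk-notify/action.yaml uses the same spelling but does have a `*)` default. `dosymep/vk-teams-action@v1.0.0` also receives the bot token through a tag that its owner can move; a full commit SHA is the safer pin.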