- deploy-on-push.yml: Verify YAML, check SOPS encryption, notify on deployments - milestone-release.yml: Auto-create releases on milestone tags Triggers: - deploy-on-push: On any push to main (apps/clusters changes) - milestone-release: On git tag m*-*-complete Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
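# Post-push verification for the GitOps repository.
#
# Runs after a push to main that touches manifests or workflows. The commits
# are already on main when this job starts, so every check here is detective,
# not preventive: a failure tells you to act (for example rotate a leaked
# secret), it does not stop the change from being reconciled.
name: Auto-Deploy on Push

on:
  push:
    branches:
      - main
    paths:
      - 'apps/**'
      - 'clusters/**'
      - '.gitea/workflows/**'

jobs:
  verify-and-notify:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `v3` is a mutable tag. Pin to the full commit SHA of a
      # reviewed release (actions/checkout@<full-commit-sha>) so a moved tag
      # cannot change what runs in this job.
      - uses: actions/checkout@v3
        with:
          # Full history, so the commit that main pointed to before the push
          # is available locally for diffing.
          fetch-depth: 0
          # No later step talks to the remote; do not leave the job token in
          # .git/config for subsequent steps to read.
          persist-credentials: false

      - name: Resolve Push Range
        env:
          # Passed through the environment instead of being interpolated
          # into the script text.
          BEFORE_SHA: ${{ github.event.before }}
        run: |
          # `origin/main...HEAD` is always empty in this workflow: after a
          # push to main, HEAD *is* origin/main. Diff against the pre-push
          # commit instead. Fall back to the parent commit (or the empty
          # tree) when that commit is missing, e.g. an all-zero SHA or a
          # force-push.
          base="$BEFORE_SHA"
          if [ -z "$base" ] || ! git cat-file -e "${base}^{commit}" 2>/dev/null; then
            base="$(git rev-parse --verify --quiet 'HEAD~1^{commit}' || git hash-object -t tree /dev/null)"
          fi
          echo "PUSH_BASE=$base" >> "$GITHUB_ENV"

      - name: Check YAML Syntax
        run: |
          echo "🔍 Validating YAML files..."
          # Heuristic only: no YAML parser runs here. Files without a
          # top-level apiVersion are reported but do not fail the job,
          # because non-manifest YAML (values files, etc.) is legitimate.
          missing="$(find apps clusters -type f -name '*.yaml' -exec grep -L '^apiVersion:' {} + || true)"
          if [ -n "$missing" ]; then
            printf '%s\n' "$missing" | while IFS= read -r file; do
              echo "⚠️ Warning: $file may not be a valid K8s manifest"
            done
            echo "⚠️ Heuristic check finished with warnings (no YAML parser was run)"
          else
            echo "✅ All manifests declare apiVersion (heuristic check only; no YAML parser was run)"
          fi

      - name: Check for SOPS Encryption
        run: |
          echo "🔐 Checking SOPS status..."
          # Only files matching these name patterns are examined; secrets
          # stored under other names are not covered by this check.
          # --diff-filter=d skips deleted files, which no longer exist on disk.
          list="$(mktemp)"
          git -c core.quotePath=false diff --name-only --diff-filter=d \
            "$PUSH_BASE" HEAD -- '**/secret*.yaml' '**/credentials*.yaml' > "$list"

          failed=0
          while IFS= read -r file; do
            # A SOPS-encrypted YAML file carries a top-level `sops:` metadata
            # block and ENC[AES256_GCM,...] values. Requiring both avoids
            # passing a file that merely mentions "ENC[" somewhere. This is
            # still a marker check, not a decryption test.
            if grep -q '^sops:' "$file" && grep -q 'ENC\[AES256_GCM,' "$file"; then
              echo "✅ $file is encrypted"
            else
              echo "⚠️ WARNING: $file may not be encrypted!"
              failed=1
            fi
          done < "$list"
          rm -f "$list"

          # Fail the job so a plaintext secret shows up as a red check. The
          # value is already in history at this point: treat it as exposed
          # and rotate it.
          if [ "$failed" -ne 0 ]; then
            echo "❌ One or more secret files lack SOPS markers; rotate any exposed values"
            exit 1
          fi

      - name: Create Deployment Notification
        run: |
          echo "📤 Flux will reconcile changes within 1 minute"
          echo "🔗 Monitor in Gitea: Projects → Releases (check tags)"

      - name: List Changed Files
        run: |
          echo "📋 Files changed in this push:"
          git -c core.quotePath=false diff --name-only "$PUSH_BASE" HEAD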