feat: literate IaC with tangle-deploy pipeline
Some checks failed
Tangle and Deploy / tangle (push) Failing after 12s
Some checks failed
Tangle and Deploy / tangle (push) Failing after 12s
- Converted Traefik section to tangle blocks with absolute paths - Created .gitea/workflows/tangle.yaml Gitea Action - tangle-deploy.sh: tangles org → writes files → restarts services
This commit is contained in:
Hermes
23
.gitea/workflows/tangle.yaml
Normal file
23
.gitea/workflows/tangle.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
name: Tangle and Deploy
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
tangle:
|
||||
runs-on: debian-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Tangle infrastructure.org
|
||||
run: |
|
||||
docker run --rm \
|
||||
-v /:/host \
|
||||
-v $(pwd):/workspace:ro \
|
||||
debian:stable-slim \
|
||||
bash -c "cp -r /workspace /host/tmp/infra-tangle && chroot /host /usr/local/bin/tangle-deploy /tmp/infra-tangle"
|
||||
|
||||
- name: Restart affected services
|
||||
run: |
|
||||
docker run --rm \
|
||||
-v /:/host \
|
||||
debian:stable-slim \
|
||||
bash -c "chroot /host bash -c 'cd /docker/compose && docker compose up -d traefik 2>&1'"
|
||||
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@@ -0,0 +1,3 @@
|
||||
*.yaml.bak
|
||||
*.yaml.bak2
|
||||
*~
|
||||
1023
infrastructure.org
1023
infrastructure.org
File diff suppressed because it is too large
Load Diff
55
tangle-deploy.sh
Normal file
55
tangle-deploy.sh
Normal file
@@ -0,0 +1,55 @@
|
||||
#!/usr/bin/env bash
|
||||
# tangle-deploy — Tangle infrastructure.org and restart affected services
|
||||
# Called by Gitea Action runner after git push, or directly from CLI.
|
||||
#
|
||||
# Usage:
|
||||
# tangle-deploy # uses /docker/compose/infrastructure
|
||||
# tangle-deploy /path/to/repo # uses provided path (e.g., from Gitea Action)
|
||||
set -euo pipefail
|
||||
|
||||
REPO_DIR="${1:-/docker/compose/infrastructure}"
|
||||
ORG_FILE="${REPO_DIR}/infrastructure.org"
|
||||
|
||||
# If called with a workspace path from Gitea Action, use it as-is.
|
||||
# Otherwise, ensure we have the latest from git.
|
||||
if [ -z "${1:-}" ]; then
|
||||
if [ ! -d "$REPO_DIR" ]; then
|
||||
git clone ssh://git@10.10.10.201:2222/amr/infrastructure.git "$REPO_DIR"
|
||||
else
|
||||
cd "$REPO_DIR" && git pull
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f "$ORG_FILE" ]; then
|
||||
echo "ERROR: $ORG_FILE not found in $REPO_DIR"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "=== Tangling $ORG_FILE ==="
|
||||
emacs --batch -Q --load /usr/share/emacs/site-lisp/org/org-loaddefs.el \
|
||||
--eval "(require 'org)" \
|
||||
--eval "(org-babel-tangle-file \"$ORG_FILE\")" 2>&1
|
||||
|
||||
echo "=== Restarting services ==="
|
||||
cd /docker/compose
|
||||
|
||||
# Detect what changed and restart only what's needed
|
||||
if [ -f /docker/compose/traefik-internal-noauth.yaml ] || \
|
||||
[ -f /docker/compose/traefik-static.yaml ] || \
|
||||
[ -f /docker/compose/traefik-internal.yaml ] || \
|
||||
[ -f /docker/compose/traefik-dynamic.yaml ]; then
|
||||
echo "Traefik config changed — restarting..."
|
||||
docker compose up -d traefik
|
||||
fi
|
||||
|
||||
if [ -f /docker/compose/unbound/unbound.conf ]; then
|
||||
echo "Unbound config changed — restarting..."
|
||||
docker compose up -d unbound
|
||||
fi
|
||||
|
||||
if [ -f /docker/compose/docker-compose.yaml ]; then
|
||||
echo "Docker compose changed — restarting all services"
|
||||
docker compose up -d 2>&1 | tail -5
|
||||
fi
|
||||
|
||||
echo "=== Deploy complete ==="
|
||||
Reference in New Issue
Block a user