Clubpetro-Lab/vanna-clubpetro
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
vanna-clubpetro/.gitea/workflows/cd.yml
Dalton Alvarenga 037a3f4d93
All checks were successful
CD / build (pull_request) Successful in 4m3s
Details
fix(ci): troca --suppress-logs por --async + poll loop 
--suppress-logs nessa versão do gcloud CLI no runner ainda tenta ler
logs no fim e dá exit != 0 quando a SA não tem Viewer no projeto. Build
real do PR #8 deu SUCCESS (image lab-18 em AR), mas a step falhou na
finalização do gcloud.

Com --async, gcloud retorna o build ID logo após enfileirar e sai.
Poll explícito via builds describe (que usa cloudbuild.builds.get,
já em builds.editor). Mata o build no primeiro estado terminal != SUCCESS.
2026-05-07 13:20:27 -03:00

99 lines
4.3 KiB
YAML
Raw Permalink Blame History

name: CD
on:
push:
branches: [master, main]
pull_request:
env:
IMAGE_BASE: ${{ secrets.AR_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.AR_REPO }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Instala kubectl + auth plugin (gcloud já vem via setup-gcloud).
# Build é feito remoto via Cloud Build (não precisa Docker no runner).
- name: Install kubectl + gke-auth-plugin
run: |
apt-get update -qq
apt-get install -y -qq apt-transport-https ca-certificates gnupg curl
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list
apt-get update -qq
apt-get install -y -qq kubectl google-cloud-cli-gke-gcloud-auth-plugin
kubectl version --client=true
- name: Auth GCP
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.GCP_PROJECT }}
- name: Build & push (Cloud Build, sem Docker local)
run: |
set -e
IMG="${IMAGE_BASE}/${{ gitea.event.repository.name }}:lab-${{ gitea.run_number }}"
# --gcs-source-staging-dir: pula o auto-detect que precisa de
# storage.buckets.list (project-scope). gitea-cd só tem grant
# na bucket _cloudbuild, não no projeto inteiro.
# --async: gcloud retorna assim que o build é enfileirado. Sem
# isso, gcloud tenta streamar Cloud Logging, exige Viewer/Owner
# no projeto, e --suppress-logs nessa versão do CLI ainda dá
# exit != 0 quando não consegue ler. Polling abaixo é o trade.
BUILD_ID=$(gcloud builds submit \
--tag "$IMG" \
--project=${{ secrets.GCP_PROJECT }} \
--timeout=30m \
--gcs-source-staging-dir="gs://${{ secrets.GCP_PROJECT }}_cloudbuild/source" \
--async \
--format="value(id)")
echo "Cloud Build kicked off: $BUILD_ID"
# Poll até terminar. gcloud builds describe usa cloudbuild.builds.get
# (já incluído em roles/cloudbuild.builds.editor).
while true; do
STATUS=$(gcloud builds describe "$BUILD_ID" \
--project=${{ secrets.GCP_PROJECT }} \
--region=global \
--format="value(status)")
echo "[$(date -u +%H:%M:%S)] build $BUILD_ID: $STATUS"
case "$STATUS" in
SUCCESS) break ;;
FAILURE|INTERNAL_ERROR|TIMEOUT|CANCELLED|EXPIRED)
echo "::error::Cloud Build $STATUS — ver console: https://console.cloud.google.com/cloud-build/builds/$BUILD_ID?project=${{ secrets.GCP_PROJECT }}"
exit 1
;;
esac
sleep 15
done
echo "IMG=$IMG" >> $GITHUB_ENV
- name: Deploy hml2 (apenas em push pra master/main)
if: github.event_name == 'push'
env:
USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
run: |
gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} --region ${{ secrets.GKE_REGION }} --project ${{ secrets.GCP_PROJECT }}
NS=${{ secrets.K8S_NAMESPACE }}
# 1) Aplica manifests (idempotente — cria PVC/Service/Ingress/Deployment se faltarem)
if [ -d k8s ]; then
kubectl apply -n "$NS" -f k8s/
fi
# 2) Atualiza image
DEPLOYMENT="${{ gitea.event.repository.name }}-deployment"
if kubectl get deployment "$DEPLOYMENT" -n "$NS" >/dev/null 2>&1; then
CONTAINER=$(kubectl get deployment "$DEPLOYMENT" -n "$NS" -o jsonpath='{.spec.template.spec.containers[0].name}')
kubectl set image deployment/"$DEPLOYMENT" -n "$NS" "$CONTAINER=$IMG"
kubectl rollout status deployment/"$DEPLOYMENT" -n "$NS" --timeout=600s
else
echo "Deployment $DEPLOYMENT não existe no ns $NS — pulei set image (provavelmente é o 1º deploy e o kubectl apply acabou de criar)"
fi
Reference in New Issue View Git Blame Copy Permalink