DarkHelm.org/plex-playlist
Public Access
2
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity

Optimizing the build so that CICD doesn't take FOREVER to run.
Some checks failed
Tests / Build and Push CICD Base Image (push) Successful in 46m24s
Details
Tests / Build and Push CICD Complete Image (push) Failing after 1m6s
Details
Tests / TOML Syntax Check (push) Has been skipped
Details
Tests / Mixed Line Ending Check (push) Has been skipped
Details
Tests / TOML Formatting Check (push) Has been skipped
Details
Tests / Ruff Linting (push) Has been skipped
Details
Tests / Ruff Format Check (push) Has been skipped
Details
Tests / Pyright Type Check (push) Has been skipped
Details
Tests / Darglint Docstring Check (push) Has been skipped
Details
Tests / No Docstring Types Check (push) Has been skipped
Details
Tests / ESLint Check (push) Has been skipped
Details
Tests / Prettier Format Check (push) Has been skipped
Details
Tests / TypeScript Type Check (push) Has been skipped
Details
Tests / TSDoc Lint Check (push) Has been skipped
Details
Tests / Trailing Whitespace Check (push) Has been skipped
Details
Tests / End of File Check (push) Has been skipped
Details
Tests / YAML Syntax Check (push) Has been skipped
Details
Tests / End-to-End Tests (push) Has been skipped
Details
Tests / Backend Tests (push) Has been skipped
Details
Tests / Frontend Tests (push) Has been skipped
Details
Tests / Backend Doctests (push) Has been skipped
Details
Tests / Integration Tests (push) Has been skipped
Details

Browse Source 
Signed-off-by: Cliff Hill <xlorep@darkhelm.org>
This commit is contained in:
Xlorep DarkHelm
2025-10-31 09:09:46 -04:00
parent c5660e547a
commit 6df52238de
6 changed files with 793 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
.gitea/workflows/cicd.yml
View File

@@ -7,16 +7,106 @@ on:
branches: [ main, develop ]
jobs:
setup:
name: Build and Push CICD Image
setup-base:
name: Build and Push CICD Base Image
runs-on: ubuntu-act
steps:
- name: Minimal checkout for base Dockerfile
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
run: |
echo "=== Minimal Repository Checkout for Base Dockerfile ==="
# Set up SSH key securely (temporary file approach)
if [ -n "${SSH_PRIVATE_KEY}" ]; then
mkdir -p ~/.ssh
echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null
fi
# Clone just enough to get the Dockerfile
GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no" \
git clone --depth 1 --no-checkout \
ssh://git@dogar.darkhelm.org:2222/DarkHelm.org/plex-playlist.git .
# Checkout only the base Dockerfile and dockerignore
git checkout HEAD -- Dockerfile.cicd-base .dockerignore
# Clean up SSH key for security
rm -f ~/.ssh/id_rsa
echo "✓ Dockerfile.cicd-base ready for build"
- name: Check if base image needs rebuilding
id: check-base
env:
PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER || github.actor }}
run: |
echo "=== Checking if CICD Base Image Needs Rebuilding ==="
# Login to registry to check for existing image
echo "${PACKAGE_ACCESS_TOKEN}" | docker login dogar.darkhelm.org -u "${REGISTRY_USER}" --password-stdin
# Calculate hash of base Dockerfile for cache key
BASE_HASH=$(sha256sum Dockerfile.cicd-base | cut -d' ' -f1 | head -c16)
echo "Base Dockerfile hash: ${BASE_HASH}"
echo "base_hash=${BASE_HASH}" >> $GITHUB_OUTPUT
# Try to pull existing base image with this hash
if docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:${BASE_HASH} 2>/dev/null; then
echo "✓ Base image with hash ${BASE_HASH} already exists, skipping build"
echo "needs_build=false" >> $GITHUB_OUTPUT
# Tag it as latest for the dependent job
docker tag dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:${BASE_HASH} \
dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest
else
echo "Base image with hash ${BASE_HASH} not found, will build new image"
echo "needs_build=true" >> $GITHUB_OUTPUT
fi
- name: Build and push base image
if: steps.check-base.outputs.needs_build == 'true'
env:
PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER || github.actor }}
BASE_HASH: ${{ steps.check-base.outputs.base_hash }}
run: |
echo "=== Building CICD Base Image ==="
# Enable Docker BuildKit
export DOCKER_BUILDKIT=1
# Build base image (no secrets needed for base dependencies)
docker build -f Dockerfile.cicd-base \
--build-arg BASE_IMAGE_VERSION="v1.0.0-${BASE_HASH}" \
-t cicd-base:latest .
# Tag for registry with hash and latest
docker tag cicd-base:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:${BASE_HASH}
docker tag cicd-base:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest
# Push to registry
echo "Pushing base images to registry..."
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:${BASE_HASH}
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest
echo "✓ CICD base image built and pushed with hash ${BASE_HASH}"
setup:
name: Build and Push CICD Complete Image
runs-on: ubuntu-act
needs: setup-base
steps:
- name: Minimal checkout for Dockerfile
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
run: |
echo "=== Minimal Repository Checkout for Dockerfile ==="
echo "=== Minimal Repository Checkout for Complete Dockerfile ==="
# Set up SSH key securely (temporary file approach)
if [ -n "${SSH_PRIVATE_KEY}" ]; then
@@ -39,14 +129,17 @@ jobs:
echo "✓ Dockerfile.cicd ready for secure build"
- name: Build and push CICD image
- name: Build and push complete CICD image
env:
PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
GITHUB_SHA: ${{ github.sha }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER || github.actor }}
run: |
echo "=== Building CICD Image with Secure Secrets ==="
echo "=== Building Complete CICD Image with Secure Secrets ==="
# Login to registry
echo "${PACKAGE_ACCESS_TOKEN}" | docker login dogar.darkhelm.org -u "${REGISTRY_USER}" --password-stdin
# Create temporary SSH key file for BuildKit secrets
echo "${SSH_PRIVATE_KEY}" > /tmp/ssh_key
@@ -55,11 +148,12 @@ jobs:
# Enable Docker BuildKit for secrets support
export DOCKER_BUILDKIT=1
# Build CICD image using secure BuildKit secrets
# Build complete CICD image using secure BuildKit secrets, inheriting from base
# SSH key is mounted securely and never stored in image layers
docker build -f Dockerfile.cicd \
--secret id=ssh_private_key,src=/tmp/ssh_key \
--build-arg GITHUB_SHA="$GITHUB_SHA" \
--build-arg CICD_BASE_IMAGE="dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest" \
-t cicd:latest .
# Clean up temporary SSH key file
@@ -69,24 +163,12 @@ jobs:
docker tag cicd:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:latest
docker tag cicd:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
# Login to Gitea container registry with enhanced debugging
echo "Attempting Docker login for user: ${REGISTRY_USER}"
if echo "${PACKAGE_ACCESS_TOKEN}" | docker login dogar.darkhelm.org -u "${REGISTRY_USER}" --password-stdin; then
echo "✓ Successfully logged into registry"
else
echo "❌ Failed to login to registry"
echo "Registry URL: dogar.darkhelm.org"
echo "Username: ${REGISTRY_USER}"
echo "Token length: ${#PACKAGE_ACCESS_TOKEN}"
exit 1
fi
# Push to registry
echo "Pushing images to registry..."
echo "Pushing complete CICD images to registry..."
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:latest
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
echo "✓ CICD image built and pushed to registry"
echo "✓ Complete CICD image built and pushed to registry"
# Pre-commit style checks - General file formatting
trailing-whitespace: