Cleaning up the CICD steps.

Signed-off-by: Cliff Hill <xlorep@darkhelm.org>
2025-10-27 08:59:27 -04:00
parent 85c936b096
commit f03938c2f2
2 changed files with 29 additions and 31 deletions
--- a/.gitea/workflows/cicd.yml
+++ b/.gitea/workflows/cicd.yml
@@ -12,42 +12,20 @@ jobs:
    runs-on: ubuntu-act

    steps:
-      - name: Checkout code
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          GITHUB_WORKSPACE: ${{ github.workspace }}
-          GITHUB_SHA: ${{ github.sha }}
-        run: |
-          echo "=== Repository Checkout ==="
-          cd "${GITHUB_WORKSPACE}"
-          rm -rf ./* .git 2>/dev/null || true
-
-          # Set up SSH key
-          if [ -n "${SSH_PRIVATE_KEY}" ]; then
-            mkdir -p ~/.ssh
-            echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
-            chmod 600 ~/.ssh/id_rsa
-            ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null
-          fi
-
-          # Clone repository
-          GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no" \
-            git clone --depth 1 --branch main \
-            ssh://git@dogar.darkhelm.org:2222/DarkHelm.org/plex-playlist.git .
-
-          if [ -n "${GITHUB_SHA}" ]; then
-            git checkout "${GITHUB_SHA}" 2>/dev/null || echo "Using main branch HEAD"
-          fi
-          echo "✓ Repository checkout completed"
-
      - name: Build and push CICD image
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          GITHUB_SHA: ${{ github.sha }}
        run: |
          echo "=== Building CICD Image ==="

          # Build CICD image with all tools, code, and dependencies
-          docker build -f Dockerfile.cicd -t cicd:latest .
+          # Pass SSH key as build arg so Dockerfile can checkout repo
+          docker build -f Dockerfile.cicd \
+            --build-arg SSH_PRIVATE_KEY="$SSH_PRIVATE_KEY" \
+            --build-arg GITHUB_SHA="$GITHUB_SHA" \
+            -t cicd:latest .

          # Tag for Gitea container registry
          docker tag cicd:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:latest
--- a/Dockerfile.cicd
+++ b/Dockerfile.cicd
@@ -32,11 +32,31 @@ RUN corepack enable \
 # Install uv package manager globally
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv

+# Accept build arguments for Git checkout
+ARG SSH_PRIVATE_KEY
+ARG GITHUB_SHA
+
 # Set working directory
 WORKDIR /workspace

-# Copy the entire project
-COPY . .
+# Set up SSH and clone repository
+RUN if [ -n "$SSH_PRIVATE_KEY" ]; then \
+        mkdir -p ~/.ssh && \
+        echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa && \
+        chmod 600 ~/.ssh/id_rsa && \
+        ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null; \
+    fi
+
+# Clone repository
+RUN GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no" \
+    git clone --depth 1 --branch main \
+    ssh://git@dogar.darkhelm.org:2222/DarkHelm.org/plex-playlist.git . && \
+    if [ -n "$GITHUB_SHA" ]; then \
+        git checkout "$GITHUB_SHA" 2>/dev/null || echo "Using main branch HEAD"; \
+    fi
+
+# Clean up SSH key for security
+RUN rm -rf ~/.ssh

 # Set up Python environment for backend
 WORKDIR /workspace/backend