# action/image-deploy Composite Gitea Action that pins an image tag in `fritzlab/apps` via `kustomize edit set image`, validates the rendered manifests, and pushes to apps-repo `main`. Retries on push conflict. This is the standard "deploy" step for image producers (chrony, profiles, runner). After `image-build` + `image-push`, this writes the new tag into the GitOps target so ArgoCD can sync it. ## Usage ```yaml - uses: actions/checkout@v4 - uses: https://code.fritzlab.net/action/image-build@v1 with: image: code.fritzlab.net/fritzlab/chrony smoke-test: docker run --rm --entrypoint /usr/sbin/chronyd $IMAGE -v - uses: https://code.fritzlab.net/action/image-push@v1 with: image: code.fritzlab.net/fritzlab/chrony token: ${{ secrets.CI_BOT_TOKEN }} org: fritzlab name: chrony - uses: https://code.fritzlab.net/action/image-deploy@v1 with: image: code.fritzlab.net/fritzlab/chrony path: sjc001/infra/chrony/manifests token: ${{ secrets.CI_BOT_TOKEN }} ``` ## Inputs | Name | Required | Default | Description | |---|---|---|---| | `image` | yes | — | Full image name without tag. Must match an entry already in the target `kustomization.yaml` `images:` block. | | `tag` | no | `github.run_number` | Tag to pin. | | `path` | yes | — | Path inside `fritzlab/apps` to the manifests dir (e.g. `sjc001/infra/chrony/manifests`). | | `token` | yes | — | `CI_BOT_TOKEN` with write access to `fritzlab/apps`. | | `apps-repo` | no | `code.fritzlab.net/fritzlab/apps` | Apps repo URL without protocol. | | `message` | no | `deploy #` | Commit message override. | ## Behavior 1. Shallow-clone `fritzlab/apps` to a temp dir. 2. `cd ` and run `kustomize edit set image =:`. 3. Run `kustomize build .` to validate the manifests still render. **Fails the workflow if validation breaks** — apps repo is left untouched. 4. If no diff (apps repo already on this tag): exit 0 silently. 5. Otherwise commit + push to `main`. On push rejection (concurrent CI race), `git pull --rebase` and retry up to 3 times with linear backoff. ## Notes - The image entry must already exist in `kustomization.yaml`. This action only updates the tag; it does not add or remove image entries. To switch image registry paths, edit `kustomization.yaml` by hand once, commit, then let CI resume. - `git diff --quiet` skip means re-running the same CI run (or an earlier run) is idempotent.