69512391ff
The existing garage Service round-robined S3 across all three garage pods, including the gateway. The gateway pod uses an emptyDir for /data, so its in-memory auth table is unreliable after restart — site-publish runs hit intermittent 'Forbidden: No such key' errors during aws s3 sync. The new garage-s3 Service in fritzlab/apps@d9aa376 selects only garage-role=data pods (nas001 + nas002), bypassing the gateway entirely.
64 lines
2.4 KiB
YAML
name: Publish Site
description: Build and deploy a static-content site (static, hugo, mkdocs) to Garage S3 with Traefik + cert-manager. Containerized apps should use action/image-build + action/image-push + action/image-deploy.
inputs:
  token:
    description: Gitea token (ci-bot) for apps repo push and API operations
    required: true
  s3-access-key:
    description: Garage ci-deploy-key access key id
    required: true
  s3-secret-key:
    description: Garage ci-deploy-key secret access key
    required: true
  s3-endpoint:
    # Targets garage-s3 (data-only Service) so requests do not round-robin onto
    # the gateway pod, whose emptyDir-backed metadata view intermittently
    # returns "No such key" through the S3 API.
    description: Garage S3 endpoint URL
    required: false
    default: http://garage-s3.storage.svc:3900
  garage-admin-token:
    description: Garage admin API token (required only when site.yaml has aliases — used to reconcile bucket globalAliases)
    required: false
  garage-admin-endpoint:
    description: Garage admin API endpoint URL
    required: false
    default: http://garage.storage.svc:3903
  username:
    description: Gitea username for git operations
    required: false
    default: ci-bot
runs:
  using: composite
  steps:
    - name: Setup
      shell: bash
      run: python3 ${{ github.action_path }}/scripts/setup.py

    - name: Build
      shell: bash
      run: python3 ${{ github.action_path }}/scripts/publish.py build
      env:
        SITE_REPO: ${{ github.repository }}
        SITE_DIR: ${{ github.workspace }}
        ACTION_DIR: ${{ github.action_path }}
        GITHUB_RUN_NUMBER: ${{ github.run_number }}
        CI_BOT_USER: ${{ inputs.username }}

    - name: Deploy
      shell: bash
      run: python3 ${{ github.action_path }}/scripts/publish.py deploy
      env:
        SITE_REPO: ${{ github.repository }}
        SITE_DIR: ${{ github.workspace }}
        ACTION_DIR: ${{ github.action_path }}
        CI_BOT_TOKEN: ${{ inputs.token }}
        CI_BOT_USER: ${{ inputs.username }}
        AWS_ACCESS_KEY_ID: ${{ inputs.s3-access-key }}
        AWS_SECRET_ACCESS_KEY: ${{ inputs.s3-secret-key }}
        AWS_DEFAULT_REGION: sjc001
        GARAGE_S3_ENDPOINT: ${{ inputs.s3-endpoint }}
        GARAGE_ADMIN_ENDPOINT: ${{ inputs.garage-admin-endpoint }}
        GARAGE_ADMIN_TOKEN: ${{ inputs.garage-admin-token }}
        GITHUB_RUN_NUMBER: ${{ github.run_number }}
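Because s3-endpoint is an overridable input, a caller can point the Deploy step back at the mixed Service and reintroduce the intermittent failure the commit message describes. The following preflight check is an added example, not part of this repository's scripts/publish.py; the function name `check_deploy_env`, the `has_aliases` parameter, the `--aliases` flag, and the assumption that the mixed Service resolves as `garage` in the `storage` namespace are all hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the mixed Service (data pods + gateway) is "garage" in namespace
# "storage", matching the garage.storage.svc host of the admin endpoint default.
MIXED_SERVICE = ("garage", "storage")
REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "GARAGE_S3_ENDPOINT")


def check_deploy_env(env, has_aliases=False):
    """Return a list of problems found in the Deploy step's environment."""
    problems = [f"{name} is empty" for name in REQUIRED if not env.get(name, "").strip()]

    endpoint = env.get("GARAGE_S3_ENDPOINT", "").strip()
    if endpoint:
        url = urlsplit(endpoint)
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append(f"GARAGE_S3_ENDPOINT is not an http(s) URL: {endpoint!r}")
        else:
            # Compare <service>.<namespace>, so .svc and .svc.cluster.local both match.
            labels = tuple(url.hostname.lower().split(".")[:2])
            if labels == MIXED_SERVICE:
                problems.append(
                    "GARAGE_S3_ENDPOINT points at the mixed garage Service; "
                    "use the data-only garage-s3 Service"
                )

    # Per the input description, the admin token is needed only with aliases.
    if has_aliases and not env.get("GARAGE_ADMIN_TOKEN", "").strip():
        problems.append("GARAGE_ADMIN_TOKEN is empty but site.yaml has aliases")
    return problems


if __name__ == "__main__":
    import os
    import sys

    # Hypothetical invocation: pass --aliases when site.yaml declares aliases.
    found = check_deploy_env(os.environ, has_aliases="--aliases" in sys.argv)
    for problem in found:
        print(f"preflight: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

The check reports variable names only and never echoes their values, so it is safe to run in CI logs.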