ai-workspace-lab/xworkmate-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0fcaa845e1
xworkmate-bridge/.github/workflows/pipeline.yml
Haitao Pan 0fcaa845e1 ci: ship bridge via image ref artifact
2026-04-12 14:23:23 +08:00

259 lines
9.0 KiB
YAML
Raw Blame History

name: Pipeline
on:
pull_request:
branches: [main]
push:
branches: [main]
workflow_dispatch:
inputs:
target_host:
description: "Ansible inventory host or alias"
required: false
default: "jp-xhttp-contabo.svc.plus"
type: string
run_apply:
description: "Apply deployment (false = dry-run)"
required: true
default: true
type: boolean
internal_service_token:
description: "Optional ACP auth token for deploy"
required: false
default: ""
type: string
permissions:
contents: read
packages: write
concurrency:
group: pipeline-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash
env:
DEFAULT_TARGET_HOST: jp-xhttp-contabo.svc.plus
jobs:
prep:
name: Prep
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: go.mod
cache: true
- name: Install golangci-lint
run: |
GOBIN="$(go env GOPATH)/bin"
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.8
echo "${GOBIN}" >> "$GITHUB_PATH"
- name: Run lint and tests
run: bash ./scripts/github-actions/prep.sh
build:
name: Build
needs: prep
runs-on: ubuntu-latest
env:
SERVICE_REGISTRY: ghcr.io
SERVICE_IMAGE_REPO_OWNER: ${{ vars.IMAGE_REPO_OWNER || github.repository_owner }}
SERVICE_IMAGE_NAME: xworkmate-bridge
outputs:
artifact_name: ${{ steps.artifact_meta.outputs.artifact_name }}
service_image_ref: ${{ steps.service_ref.outputs.image_ref }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log in to GHCR
if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ vars.GHCR_USERNAME || github.repository_owner }}
password: ${{ secrets.GHCR_TOKEN || github.token }}
- name: Resolve service image ref
id: service_ref
run: |
set -euo pipefail
image_repo="${SERVICE_REGISTRY}/${SERVICE_IMAGE_REPO_OWNER}/${SERVICE_IMAGE_NAME}"
image_tag="${GITHUB_SHA}"
image_ref="${image_repo}:${image_tag}"
echo "image_repo=${image_repo}" >> "$GITHUB_OUTPUT"
echo "image_tag=${image_tag}" >> "$GITHUB_OUTPUT"
echo "image_ref=${image_ref}" >> "$GITHUB_OUTPUT"
- name: Build and optionally push service image
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
file: Dockerfile
platforms: linux/amd64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.service_ref.outputs.image_ref }}
- name: Write image ref artifact
run: |
set -euo pipefail
mkdir -p dist
printf '%s\n' "${{ steps.service_ref.outputs.image_ref }}" > dist/service-image-ref.txt
- name: Record artifact metadata
id: artifact_meta
run: echo "artifact_name=xworkmate-bridge-service-image-${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
- name: Upload image ref artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: ${{ steps.artifact_meta.outputs.artifact_name }}
path: dist/service-image-ref.txt
deploy:
name: Deploy
needs: build
if: ${{ github.event_name != 'pull_request' }}
runs-on: ubuntu-latest
outputs:
run_apply: ${{ steps.deploy_meta.outputs.run_apply }}
env:
INTERNAL_SERVICE_TOKEN: ${{ github.event_name == 'workflow_dispatch' && inputs.internal_service_token || secrets.INTERNAL_SERVICE_TOKEN }}
GHCR_USERNAME: ${{ vars.GHCR_USERNAME || github.repository_owner }}
GHCR_PASSWORD: ${{ secrets.GHCR_TOKEN || github.token }}
steps:
- name: Checkout service repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: xworkmate-bridge
- name: Checkout playbooks repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: x-evor/playbooks
token: ${{ secrets.WORKSPACE_REPO_TOKEN || github.token }}
path: playbooks
- name: Download build image ref artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: ${{ needs.build.outputs.artifact_name }}
path: xworkmate-bridge/dist/image-artifact
- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: "3.11"
- name: Install Ansible runtime
run: |
python -m pip install --upgrade pip
python -m pip install "ansible-core==2.18.3"
- name: Resolve deployment settings
id: deploy_meta
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
target_host="${{ inputs.target_host }}"
run_apply="${{ inputs.run_apply }}"
else
target_host="${DEFAULT_TARGET_HOST}"
run_apply="true"
fi
if [[ -z "${target_host}" ]]; then
target_host="${DEFAULT_TARGET_HOST}"
fi
echo "target_host=${target_host}" >> "$GITHUB_OUTPUT"
echo "run_apply=${run_apply}" >> "$GITHUB_OUTPUT"
- name: Prepare runner SSH access
working-directory: xworkmate-bridge
env:
SINGLE_NODE_VPS_SSH_PRIVATE_KEY: ${{ secrets.SINGLE_NODE_VPS_SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
run: bash ./scripts/github-actions/prepare-ssh.sh "${{ steps.deploy_meta.outputs.target_host }}" "${SSH_KNOWN_HOSTS}"
- name: Run Ansible deploy playbook
working-directory: xworkmate-bridge
env:
INTERNAL_SERVICE_TOKEN: ${{ env.INTERNAL_SERVICE_TOKEN }}
GHCR_USERNAME: ${{ env.GHCR_USERNAME }}
GHCR_PASSWORD: ${{ env.GHCR_PASSWORD }}
XWORKMATE_BRIDGE_IMAGE_ARTIFACT_PATH: ${{ github.workspace }}/xworkmate-bridge/dist/image-artifact/service-image-ref.txt
run: bash ./scripts/github-actions/deploy.sh "${{ steps.deploy_meta.outputs.target_host }}" "${{ steps.deploy_meta.outputs.run_apply }}" ../playbooks
publish_release:
name: Publish GitHub Release
needs: build
if: ${{ github.event_name != 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download image ref artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: ${{ needs.build.outputs.artifact_name }}
path: dist
- name: Resolve release metadata
id: release_meta
run: |
short_sha="${GITHUB_SHA::7}"
tag="main-${short_sha}"
title="main ${short_sha}"
echo "tag=${tag}" >> "$GITHUB_OUTPUT"
echo "title=${title}" >> "$GITHUB_OUTPUT"
- name: Publish GitHub release
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
gh release create "${{ steps.release_meta.outputs.tag }}" \
dist/service-image-ref.txt#xworkmate-bridge-service-image-ref.txt \
--repo "${{ github.repository }}" \
--target "${{ github.sha }}" \
--title "${{ steps.release_meta.outputs.title }}" \
--notes "Automated release for ${GITHUB_SHA}."
validate:
name: Validate
needs:
- build
- deploy
if: ${{ needs.deploy.result == 'success' && needs.deploy.outputs.run_apply == 'true' }}
runs-on: ubuntu-latest
env:
BRIDGE_SERVER_URL: https://xworkmate-bridge.svc.plus
OPENCLAW_URL: wss://openclaw.svc.plus
CODEX_RPC_URL: https://acp-server.svc.plus/codex/acp/rpc
OPENCODE_RPC_URL: https://acp-server.svc.plus/opencode/acp/rpc
GEMINI_RPC_URL: https://acp-server.svc.plus/gemini/acp/rpc
INTERNAL_SERVICE_TOKEN: ${{ secrets.INTERNAL_SERVICE_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Validate deployed endpoints
run: bash ./scripts/github-actions/validate-deploy.sh "${{ needs.build.outputs.service_image_ref }}" "${BRIDGE_SERVER_URL}" "${OPENCLAW_URL}" "${CODEX_RPC_URL}" "${OPENCODE_RPC_URL}" "${GEMINI_RPC_URL}" "${INTERNAL_SERVICE_TOKEN}"
Reference in New Issue View Git Blame Copy Permalink