From 02b2408772c602975ab429e5d7ad038d5871715d Mon Sep 17 00:00:00 2001 From: OpenClaw Deployer Date: Wed, 18 Feb 2026 12:40:00 +0000 Subject: [PATCH] =?UTF-8?q?ci:=20staged=20deployment=20=E2=80=94=20push=20?= =?UTF-8?q?to=20main=E2=86=92staging,=20git=20tag=E2=86=92prod?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Push to main builds ARM64 image and deploys to docfast-staging namespace - Push a version tag (v*) promotes latest image to docfast namespace (prod) - Both use same deployer SA with namespace-scoped RBAC --- .forgejo/workflows/deploy.yml | 14 ++++----- .forgejo/workflows/promote.yml | 53 ++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 7 deletions(-) create mode 100644 .forgejo/workflows/promote.yml diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml index 38a6336..9dff451 100644 --- a/.forgejo/workflows/deploy.yml +++ b/.forgejo/workflows/deploy.yml @@ -1,12 +1,12 @@ -name: Build & Deploy to K3s +name: Build & Deploy to Staging on: push: branches: [ main ] jobs: - build-and-deploy: - name: Build & Deploy + build-and-stage: + name: Build & Deploy to Staging runs-on: ubuntu-latest steps: @@ -36,7 +36,7 @@ jobs: git.cloonar.com/openclawd/docfast:${{ github.sha }} platforms: linux/arm64 - - name: Deploy to K3s + - name: Deploy to Staging run: | curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x kubectl @@ -45,9 +45,9 @@ jobs: ./kubectl set image deployment/docfast \ docfast=git.cloonar.com/openclawd/docfast:${{ github.sha }} \ - -n docfast --kubeconfig=/tmp/kubeconfig.yaml + -n docfast-staging --kubeconfig=/tmp/kubeconfig.yaml ./kubectl rollout status deployment/docfast \ - -n docfast --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s + -n docfast-staging --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s - echo "✅ Deploy complete!" + echo "✅ Staging deploy complete!" 
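Review bot: The staging rollout in the last deploy.yml hunk still authenticates with `--kubeconfig=/tmp/kubeconfig.yaml`, and the commit description says staging and production share one deployer service account, so every push to main runs with a credential that can also change the production `docfast` namespace. The line that writes the kubeconfig lies between the hunks, so this is inferred from the description and from promote.yml reading `secrets.KUBECONFIG`. A staging-only service account bound to `docfast-staging`, stored in its own secret (placeholder name `KUBECONFIG_STAGING`), would keep a compromised or misbehaving staging run from reaching production. It would also help to add a comment above the step, such as `# staging credentials only; production is deployed from promote.yml`.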
diff --git a/.forgejo/workflows/promote.yml b/.forgejo/workflows/promote.yml
new file mode 100644
index 0000000..2fae872
--- /dev/null
+++ b/.forgejo/workflows/promote.yml
@@ -0,0 +1,53 @@
+name: Promote to Production
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ promote:
+ name: Deploy to Production
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install kubectl
+ run: |
+ curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x kubectl
+
+ - name: Get image from tag
+ id: image
+ run: |
+ # Tag format: v0.2.1 or v0.2.1-rc1
+ # The staging pipeline already pushed the image with the commit SHA
+ # We retag with the version tag for traceability
+ echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+
+ - name: Login to Forgejo Registry
+ uses: docker/login-action@v3
+ with:
+ registry: git.cloonar.com
+ username: openclawd
+ password: ${{ secrets.REGISTRY_TOKEN }}
+
+ - name: Retag image for production
+ run: |
+ # Pull latest staging image and tag with version
+ docker pull --platform linux/arm64 git.cloonar.com/openclawd/docfast:latest
+ docker tag git.cloonar.com/openclawd/docfast:latest \
+ git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
+ docker push git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
+
+ - name: Deploy to Production
+ run: |
+ echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml
+
+ ./kubectl set image deployment/docfast \
+ docfast=git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }} \
+ -n docfast --kubeconfig=/tmp/kubeconfig.yaml
+
+ ./kubectl rollout status deployment/docfast \
+ -n docfast --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s
+
+ echo "✅ Production deploy complete! Version: ${{ steps.image.outputs.tag }}"
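Review bot: The "Retag image for production" step promotes whatever `:latest` points to when the tag is pushed, not the image built from the tagged commit, so a push to main that lands between staging sign-off and tagging would reach production under the release version. The step's own comment says staging already pushed an image under the commit SHA (deploy.yml tags it `${{ github.sha }}`), so pull and retag that one, assuming Forgejo sets `github.sha` to the tagged commit on a tag push. `${{ github.ref_name }}` is also expanded straight into shell text here and, via `steps.image.outputs.tag`, in the deploy step; passing it through `env:` and quoting it keeps an unusual tag name from being parsed as shell. Separately, "Install kubectl" downloads an unpinned binary with no checksum check and then runs it with the production kubeconfig; pinning the version and verifying the published `kubectl.sha256` would close that gap.

```yaml
      - name: Retag image for production
        env:
          IMAGE: git.cloonar.com/openclawd/docfast
          SRC_SHA: ${{ github.sha }}
          VERSION: ${{ github.ref_name }}
        run: |
          # Promote the image built from the tagged commit, not the current :latest
          docker pull --platform linux/arm64 "$IMAGE:$SRC_SHA"
          docker tag "$IMAGE:$SRC_SHA" "$IMAGE:$VERSION"
          docker push "$IMAGE:$VERSION"
      # … unchanged: Deploy to Production step (use "$VERSION" from env there as well) …
```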