Use Docker image for CLI instead of Gitea DEB download

Run sfp CLI directly from inside the pulled server image via docker run, removing the need for a separate GITEA_TOKEN and CLI download step. Default TLS mode changed to letsencrypt. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 11:20:31 +10:00
parent 718cb1c4e1
commit 44020ee09f
6 changed files with 127 additions and 252 deletions
@@ -1,89 +1,62 @@
 name: 'Setup SFP CLI and SSH'
-description: 'Downloads SFP CLI from Gitea releases and configures SSH access to the target server'
+description: 'Pulls the SFP server Docker image and configures SSH access. The CLI is used directly from inside the container.'

 inputs:
-  gitea-token:
-    description: 'Token for authenticating to source.flxbl.io Gitea API'
+  docker-registry:
+    description: 'Docker registry hostname (e.g., ghcr.io, source.flxbl.io)'
    required: true
+  docker-registry-token:
+    description: 'Token for authenticating with the Docker registry'
+    required: true
+  docker-registry-user:
+    description: 'Username for Docker registry authentication'
+    required: false
+    default: 'sfp'
+  image-fqdn:
+    description: 'Full Docker image path (e.g., ghcr.io/flxbl-io/sfp-server-rc)'
+    required: true
+  image-tag:
+    description: 'Docker image tag'
+    required: false
+    default: 'latest'
  ssh-private-key:
    description: 'SSH private key for connecting to the remote server'
    required: true
  ssh-host:
    description: 'Hostname or IP of the target server'
    required: true
-  cli-version:
-    description: 'SFP CLI version to install (default: latest non-draft release)'
-    required: false
-    default: 'latest'
+
+outputs:
+  sfp-image:
+    description: 'Full Docker image reference that was pulled'
+    value: ${{ steps.pull.outputs.image }}

 runs:
  using: 'composite'
  steps:
-    - name: Install SFP CLI from Gitea
+    - name: Pull SFP server image
+      id: pull
      shell: bash
      env:
-        GITEA_TOKEN: ${{ inputs.gitea-token }}
-        CLI_VERSION: ${{ inputs.cli-version }}
+        DOCKER_REGISTRY: ${{ inputs.docker-registry }}
+        DOCKER_REGISTRY_TOKEN: ${{ inputs.docker-registry-token }}
+        DOCKER_REGISTRY_USER: ${{ inputs.docker-registry-user }}
+        IMAGE_FQDN: ${{ inputs.image-fqdn }}
+        IMAGE_TAG: ${{ inputs.image-tag }}
      run: |
-        echo "::group::Install SFP CLI"
+        echo "::group::Pull SFP server image"

-        GITEA_API="https://source.flxbl.io/api/v1/repos/flxbl/sfp-pro/releases"
+        echo "Logging in to $DOCKER_REGISTRY..."
+        echo "$DOCKER_REGISTRY_TOKEN" | docker login "$DOCKER_REGISTRY" -u "$DOCKER_REGISTRY_USER" --password-stdin

-        if [ "$CLI_VERSION" = "latest" ]; then
-          echo "Fetching latest release from Gitea..."
-          RELEASE_INFO=$(curl -sf -H "Authorization: token $GITEA_TOKEN" \
-            "${GITEA_API}?limit=10")
+        IMAGE="${IMAGE_FQDN}:${IMAGE_TAG}"
+        echo "Pulling $IMAGE..."
+        docker pull "$IMAGE"

-          if [ $? -ne 0 ] || [ -z "$RELEASE_INFO" ]; then
-            echo "Failed to fetch releases from Gitea API"
-            exit 1
-          fi
-
-          # Find first non-draft release that has a .deb asset
-          DEB_URL=$(echo "$RELEASE_INFO" | jq -r '
-            [.[] | select(.draft == false)] | first |
-            .assets[] | select(.name | test("_linux_amd64\\.deb$")) |
-            .browser_download_url')
-        else
-          echo "Fetching release matching version: $CLI_VERSION..."
-          RELEASE_INFO=$(curl -sf -H "Authorization: token $GITEA_TOKEN" \
-            "${GITEA_API}?limit=50")
-
-          if [ $? -ne 0 ] || [ -z "$RELEASE_INFO" ]; then
-            echo "Failed to fetch releases from Gitea API"
-            exit 1
-          fi
-
-          # Find release with matching version in asset names
-          DEB_URL=$(echo "$RELEASE_INFO" | jq -r --arg ver "$CLI_VERSION" '
-            [.[] | select(.draft == false) |
-             select(.assets[]? | .name | contains($ver))] | first |
-            .assets[] | select(.name | test("_linux_amd64\\.deb$")) |
-            .browser_download_url')
-        fi
-
-        if [ -z "$DEB_URL" ] || [ "$DEB_URL" = "null" ]; then
-          echo "No .deb package found for version: $CLI_VERSION"
-          echo "Available releases:"
-          echo "$RELEASE_INFO" | jq -r '[.[] | select(.draft == false)] | .[0:5] | .[] | "  - \(.tag_name): \([.assets[].name] | join(", "))"'
-          exit 1
-        fi
-
-        echo "Downloading SFP CLI from: $DEB_URL"
-        curl -L -f -H "Authorization: token $GITEA_TOKEN" -o /tmp/sfp-pro.deb "$DEB_URL"
-
-        if [ $? -ne 0 ]; then
-          echo "Failed to download SFP CLI package"
-          exit 1
-        fi
-
-        echo "Installing SFP CLI..."
-        sudo dpkg -i /tmp/sfp-pro.deb || sudo apt-get install -f -y
-        rm -f /tmp/sfp-pro.deb
-
-        echo "SFP CLI installed:"
-        sfp --version
+        echo "Verifying sfp CLI inside image..."
+        docker run --rm "$IMAGE" sfp --version

+        echo "image=$IMAGE" >> $GITHUB_OUTPUT
        echo "::endgroup::"

    - name: Setup SSH