flxbl/sfp-server-mangement-template
22
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use Docker image for CLI instead of Gitea DEB download

Browse Source 
Run sfp CLI directly from inside the pulled server image via
docker run, removing the need for a separate GITEA_TOKEN and
CLI download step. Default TLS mode changed to letsencrypt.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
azlam-salam
2026-04-14 11:20:31 +10:00
parent 718cb1c4e1
commit 44020ee09f
6 changed files with 127 additions and 252 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/check-update.yml
+22 -117
View File
@@ -1,4 +1,4 @@
name: Check for Updates
name: Check Deployed Version
on:
schedule:
@@ -7,38 +7,10 @@ on:
jobs:
check:
name: 'Check for new version'
name: 'Check deployed version'
runs-on: ubuntu-latest
steps:
- name: Check latest version on Gitea
id: check
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: |
echo "Checking for latest SFP Server release..."
RELEASE_INFO=$(curl -sf -H "Authorization: token $GITEA_TOKEN" \
"https://source.flxbl.io/api/v1/repos/flxbl/sfp-pro/releases?limit=10")
if [ $? -ne 0 ] || [ -z "$RELEASE_INFO" ]; then
echo "Failed to fetch releases from Gitea API"
exit 1
fi
# Get latest non-draft release
LATEST_TAG=$(echo "$RELEASE_INFO" | jq -r '[.[] | select(.draft == false)] | first | .tag_name // "unknown"')
LATEST_DATE=$(echo "$RELEASE_INFO" | jq -r '[.[] | select(.draft == false)] | first | .published_at // "unknown"')
LATEST_BODY=$(echo "$RELEASE_INFO" | jq -r '[.[] | select(.draft == false)] | first | .body // ""')
echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
echo "latest_date=$LATEST_DATE" >> $GITHUB_OUTPUT
# Save release body for the issue
echo "$LATEST_BODY" > /tmp/release_notes.md
echo "Latest release: $LATEST_TAG (published: $LATEST_DATE)"
- name: Check current deployed version
id: current
env:
@@ -50,7 +22,7 @@ jobs:
BASE_DIR="${{ vars.BASE_DIR || './sfp-server' }}"
if [ -z "$SSH_HOST" ] || [ -z "$SSH_PRIVATE_KEY" ]; then
echo "SSH not configured, skipping deployed version check"
echo "SSH not configured, cannot check deployed version"
echo "current_tag=unknown" >> $GITHUB_OUTPUT
exit 0
fi
@@ -64,102 +36,35 @@ jobs:
"grep '^IMAGE_TAG=' ${BASE_DIR}/tenants/${TENANT}/.env 2>/dev/null | cut -d= -f2" \
2>/dev/null || echo "unknown")
CURRENT_FQDN=$(ssh -i ~/.ssh/deploy_key "$SSH_USER@$SSH_HOST" \
"grep '^IMAGE_FQDN=' ${BASE_DIR}/tenants/${TENANT}/.env 2>/dev/null | cut -d= -f2" \
2>/dev/null || echo "unknown")
echo "current_tag=$CURRENT_TAG" >> $GITHUB_OUTPUT
echo "Currently deployed: $CURRENT_TAG"
echo "current_fqdn=$CURRENT_FQDN" >> $GITHUB_OUTPUT
echo "Currently deployed: $CURRENT_FQDN:$CURRENT_TAG"
- name: Generate summary
run: |
LATEST="${{ steps.check.outputs.latest_tag }}"
CURRENT="${{ steps.current.outputs.current_tag }}"
CURRENT_TAG="${{ steps.current.outputs.current_tag }}"
CURRENT_FQDN="${{ steps.current.outputs.current_fqdn }}"
CONFIGURED_TAG="${{ vars.IMAGE_TAG || 'latest' }}"
CONFIGURED_FQDN="${{ vars.IMAGE_FQDN }}"
echo "## SFP Server Version Check" >> $GITHUB_STEP_SUMMARY
echo "## SFP Server Version Status" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| | Version |" >> $GITHUB_STEP_SUMMARY
echo "|---|---------|" >> $GITHUB_STEP_SUMMARY
echo "| Latest Available | \`$LATEST\` |" >> $GITHUB_STEP_SUMMARY
echo "| Currently Deployed | \`$CURRENT\` |" >> $GITHUB_STEP_SUMMARY
echo "| | Image | Tag |" >> $GITHUB_STEP_SUMMARY
echo "|---|-------|-----|" >> $GITHUB_STEP_SUMMARY
echo "| **Deployed** | \`$CURRENT_FQDN\` | \`$CURRENT_TAG\` |" >> $GITHUB_STEP_SUMMARY
echo "| **Configured** | \`$CONFIGURED_FQDN\` | \`$CONFIGURED_TAG\` |" >> $GITHUB_STEP_SUMMARY
if [ "$LATEST" != "$CURRENT" ] && [ "$CURRENT" != "unknown" ] && [ "$LATEST" != "unknown" ]; then
if [ "$CURRENT_TAG" != "$CONFIGURED_TAG" ] && [ "$CURRENT_TAG" != "unknown" ]; then
echo "" >> $GITHUB_STEP_SUMMARY
echo "A newer version is available. Run the **Update SFP Server** workflow to update." >> $GITHUB_STEP_SUMMARY
elif [ "$CURRENT" = "unknown" ]; then
echo "Deployed version differs from configured version. Run the **Update SFP Server** workflow to update." >> $GITHUB_STEP_SUMMARY
elif [ "$CURRENT_TAG" = "unknown" ]; then
echo "" >> $GITHUB_STEP_SUMMARY
echo "Could not determine currently deployed version." >> $GITHUB_STEP_SUMMARY
else
echo "" >> $GITHUB_STEP_SUMMARY
echo "Server is up to date." >> $GITHUB_STEP_SUMMARY
echo "Server is running the configured version." >> $GITHUB_STEP_SUMMARY
fi
- name: Create or update issue if update available
if: steps.check.outputs.latest_tag != steps.current.outputs.current_tag && steps.current.outputs.current_tag != 'unknown' && steps.check.outputs.latest_tag != 'unknown'
uses: actions/github-script@v7
with:
script: |
const title = 'New SFP Server Version Available';
const latest = '${{ steps.check.outputs.latest_tag }}';
const current = '${{ steps.current.outputs.current_tag }}';
const fs = require('fs');
const releaseNotes = fs.existsSync('/tmp/release_notes.md')
? fs.readFileSync('/tmp/release_notes.md', 'utf8')
: '';
const body = [
`## New Version Available`,
``,
`| | Version |`,
`|---|---------|`,
`| **Latest** | \`${latest}\` |`,
`| **Current** | \`${current}\` |`,
``,
`### How to Update`,
`1. Go to **Actions** > **Update SFP Server**`,
`2. Click **Run workflow**`,
`3. Optionally specify the docker tag: \`${latest}\``,
``,
releaseNotes ? `### Release Notes\n\n${releaseNotes}` : '',
``,
`---`,
`*This issue was automatically created by the version check workflow.*`
].join('\n');
// Check for existing open issue
const issues = await github.rest.issues.listForRepo({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open',
labels: 'update-available',
});
const existing = issues.data.find(i => i.title === title);
if (existing) {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: existing.number,
body: body,
});
console.log(`Updated issue #${existing.number}`);
} else {
// Create label if it doesn't exist
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name: 'update-available',
color: '0075ca',
description: 'A new SFP Server version is available',
});
} catch (e) {
// Label may already exist
}
const issue = await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: title,
body: body,
labels: ['update-available'],
});
console.log(`Created issue #${issue.data.number}`);
}
.github/workflows/init.yml
+25 -27
View File
@@ -11,9 +11,9 @@ on:
description: 'TLS certificate mode'
type: choice
options:
- 'custom'
- 'letsencrypt'
default: 'custom'
- 'custom'
default: 'letsencrypt'
jobs:
init:
@@ -31,6 +31,7 @@ jobs:
[ -z "${{ vars.TENANT_NAME }}" ] && MISSING="$MISSING TENANT_NAME"
[ -z "${{ vars.DOMAIN }}" ] && MISSING="$MISSING DOMAIN"
[ -z "${{ vars.DOCKER_REGISTRY }}" ] && MISSING="$MISSING DOCKER_REGISTRY"
[ -z "${{ vars.IMAGE_FQDN }}" ] && MISSING="$MISSING IMAGE_FQDN"
if [ -n "$MISSING" ]; then
echo "Missing required GitHub Variables:$MISSING"
@@ -40,12 +41,15 @@ jobs:
fi
- name: Setup SFP CLI and SSH
id: setup
uses: ./.github/actions/setup-sfp
with:
gitea-token: ${{ secrets.GITEA_TOKEN }}
docker-registry: ${{ vars.DOCKER_REGISTRY }}
docker-registry-token: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
image-fqdn: ${{ vars.IMAGE_FQDN }}
image-tag: ${{ vars.IMAGE_TAG || 'latest' }}
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
ssh-host: ${{ vars.SSH_HOST }}
cli-version: ${{ vars.SFP_CLI_VERSION || 'latest' }}
- name: Initialize server
env:
@@ -53,6 +57,7 @@ jobs:
DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
ORIGIN_CERT: ${{ secrets.ORIGIN_CERT }}
ORIGIN_KEY: ${{ secrets.ORIGIN_KEY }}
SFP_IMAGE: ${{ steps.setup.outputs.sfp-image }}
run: |
TENANT="${{ vars.TENANT_NAME }}"
DOMAIN="${{ vars.DOMAIN }}"
@@ -61,6 +66,8 @@ jobs:
TLS_MODE="${{ inputs.tls_mode }}"
WORKERS="${{ vars.WORKERS || '1' }}"
BASE_DIR="${{ vars.BASE_DIR || './sfp-server' }}"
IMAGE_FQDN="${{ vars.IMAGE_FQDN }}"
IMAGE_TAG="${{ vars.IMAGE_TAG || 'latest' }}"
echo "Initializing SFP Server"
echo " Tenant: $TENANT"
@@ -68,7 +75,7 @@ jobs:
echo " Host: $SSH_HOST"
echo " TLS Mode: $TLS_MODE"
echo " Workers: $WORKERS"
echo " Registry: $DOCKER_REGISTRY"
echo " Image: $SFP_IMAGE"
# Build the init command
INIT_CMD="sfp server init"
@@ -82,38 +89,30 @@ jobs:
INIT_CMD="$INIT_CMD --secrets-provider custom"
INIT_CMD="$INIT_CMD --no-interactive"
INIT_CMD="$INIT_CMD --ssh-connection \"$SSH_USER@$SSH_HOST\""
INIT_CMD="$INIT_CMD --identity-file ~/.ssh/deploy_key"
INIT_CMD="$INIT_CMD --identity-file /root/.ssh/deploy_key"
INIT_CMD="$INIT_CMD --image \"${IMAGE_FQDN}:${IMAGE_TAG}\""
# Add image override if IMAGE_FQDN is configured
IMAGE_FQDN="${{ vars.IMAGE_FQDN }}"
IMAGE_TAG="${{ vars.IMAGE_TAG || 'latest' }}"
if [ -n "$IMAGE_FQDN" ]; then
INIT_CMD="$INIT_CMD --image \"${IMAGE_FQDN}:${IMAGE_TAG}\""
fi
# Add force flag if requested
if [ "${{ inputs.force }}" = "true" ]; then
INIT_CMD="$INIT_CMD --force"
fi
eval "$INIT_CMD"
# Run sfp CLI from inside the Docker image
docker run --rm \
-v ~/.ssh/deploy_key:/root/.ssh/deploy_key:ro \
-v ~/.ssh/known_hosts:/root/.ssh/known_hosts:ro \
-e DOCKER_REGISTRY \
-e DOCKER_REGISTRY_TOKEN \
-e ORIGIN_CERT \
-e ORIGIN_KEY \
"$SFP_IMAGE" \
bash -c "$INIT_CMD"
- name: Output init results
if: always()
run: |
TENANT="${{ vars.TENANT_NAME }}"
RESULT_FILE="sfp-server-init-${TENANT}.json"
echo "## SFP Server Initialization" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ -f "$RESULT_FILE" ]; then
echo "### Results" >> $GITHUB_STEP_SUMMARY
echo '```json' >> $GITHUB_STEP_SUMMARY
cat "$RESULT_FILE" | jq '.' >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
fi
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Configuration" >> $GITHUB_STEP_SUMMARY
echo "| Setting | Value |" >> $GITHUB_STEP_SUMMARY
@@ -122,8 +121,7 @@ jobs:
echo "| Domain | ${{ vars.DOMAIN }} |" >> $GITHUB_STEP_SUMMARY
echo "| Host | ${{ vars.SSH_HOST }} |" >> $GITHUB_STEP_SUMMARY
echo "| TLS Mode | ${{ inputs.tls_mode }} |" >> $GITHUB_STEP_SUMMARY
echo "| Registry | ${{ vars.DOCKER_REGISTRY }} |" >> $GITHUB_STEP_SUMMARY
echo "| Image | ${{ steps.setup.outputs.sfp-image }} |" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Next Steps" >> $GITHUB_STEP_SUMMARY
echo "1. Verify the server is accessible at \`https://${{ vars.DOMAIN }}\`" >> $GITHUB_STEP_SUMMARY
.github/workflows/update.yml
+29 -17
View File
@@ -35,6 +35,7 @@ jobs:
[ -z "${{ vars.SSH_HOST }}" ] && MISSING="$MISSING SSH_HOST"
[ -z "${{ vars.TENANT_NAME }}" ] && MISSING="$MISSING TENANT_NAME"
[ -z "${{ vars.DOCKER_REGISTRY }}" ] && MISSING="$MISSING DOCKER_REGISTRY"
[ -z "${{ vars.IMAGE_FQDN }}" ] && MISSING="$MISSING IMAGE_FQDN"
if [ -n "$MISSING" ]; then
echo "Missing required GitHub Variables:$MISSING"
@@ -43,35 +44,43 @@ jobs:
exit 1
fi
- name: Resolve image tag
id: resolve
run: |
TAG="${{ inputs.docker_tag }}"
if [ -z "$TAG" ]; then
TAG="${{ vars.IMAGE_TAG || 'latest' }}"
fi
echo "tag=$TAG" >> $GITHUB_OUTPUT
- name: Setup SFP CLI and SSH
id: setup
uses: ./.github/actions/setup-sfp
with:
gitea-token: ${{ secrets.GITEA_TOKEN }}
docker-registry: ${{ vars.DOCKER_REGISTRY }}
docker-registry-token: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
image-fqdn: ${{ vars.IMAGE_FQDN }}
image-tag: ${{ steps.resolve.outputs.tag }}
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
ssh-host: ${{ vars.SSH_HOST }}
cli-version: ${{ vars.SFP_CLI_VERSION || 'latest' }}
- name: Update server
env:
DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
SFP_IMAGE: ${{ steps.setup.outputs.sfp-image }}
run: |
TENANT="${{ vars.TENANT_NAME }}"
SSH_USER="${{ vars.SSH_USER || 'root' }}"
SSH_HOST="${{ vars.SSH_HOST }}"
BASE_DIR="${{ vars.BASE_DIR || './sfp-server' }}"
# Resolve image tag: workflow input > variable > "latest"
TAG="${{ inputs.docker_tag }}"
if [ -z "$TAG" ]; then
TAG="${{ vars.IMAGE_TAG || 'latest' }}"
fi
TAG="${{ steps.resolve.outputs.tag }}"
echo "Updating SFP Server"
echo " Tenant: $TENANT"
echo " Host: $SSH_HOST"
echo " Tag: $TAG"
echo " Registry: $DOCKER_REGISTRY"
echo " Image: $SFP_IMAGE"
# Build the update command
UPDATE_CMD="sfp server update"
@@ -79,7 +88,7 @@ jobs:
UPDATE_CMD="$UPDATE_CMD --base-dir \"$BASE_DIR\""
UPDATE_CMD="$UPDATE_CMD --secrets-provider custom"
UPDATE_CMD="$UPDATE_CMD --ssh-connection \"$SSH_USER@$SSH_HOST\""
UPDATE_CMD="$UPDATE_CMD --identity-file ~/.ssh/deploy_key"
UPDATE_CMD="$UPDATE_CMD --identity-file /root/.ssh/deploy_key"
UPDATE_CMD="$UPDATE_CMD --docker-tag \"$TAG\""
if [ "${{ inputs.skip_drain }}" = "true" ]; then
@@ -92,15 +101,19 @@ jobs:
UPDATE_CMD="$UPDATE_CMD --skip-backup"
fi
eval "$UPDATE_CMD"
# Run sfp CLI from inside the Docker image
docker run --rm \
-v ~/.ssh/deploy_key:/root/.ssh/deploy_key:ro \
-v ~/.ssh/known_hosts:/root/.ssh/known_hosts:ro \
-e DOCKER_REGISTRY \
-e DOCKER_REGISTRY_TOKEN \
"$SFP_IMAGE" \
bash -c "$UPDATE_CMD"
- name: Output update results
if: always()
run: |
TAG="${{ inputs.docker_tag }}"
if [ -z "$TAG" ]; then
TAG="${{ vars.IMAGE_TAG || 'latest' }}"
fi
TAG="${{ steps.resolve.outputs.tag }}"
echo "## SFP Server Update" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
@@ -108,7 +121,6 @@ jobs:
echo "|---------|-------|" >> $GITHUB_STEP_SUMMARY
echo "| Tenant | ${{ vars.TENANT_NAME }} |" >> $GITHUB_STEP_SUMMARY
echo "| Host | ${{ vars.SSH_HOST }} |" >> $GITHUB_STEP_SUMMARY
echo "| Image Tag | $TAG |" >> $GITHUB_STEP_SUMMARY
echo "| Registry | ${{ vars.DOCKER_REGISTRY }} |" >> $GITHUB_STEP_SUMMARY
echo "| Image | ${{ steps.setup.outputs.sfp-image }} |" >> $GITHUB_STEP_SUMMARY
echo "| Skip Drain | ${{ inputs.skip_drain }} |" >> $GITHUB_STEP_SUMMARY
echo "| Skip Backup | ${{ inputs.skip_backup }} |" >> $GITHUB_STEP_SUMMARY