Compare commits
2 Commits
0aad1e9bb0
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 8e32d00d90 | |||
| 1b73fda11f |
@@ -29,3 +29,62 @@ jobs:
|
||||
terraform init -backend=false
|
||||
terraform validate
|
||||
working-directory: 2-nomad-config
|
||||
|
||||
nomad-validate:
|
||||
name: Nomad job spec validate
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Nomad CLI
|
||||
run: |
|
||||
curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg
|
||||
. /etc/os-release
|
||||
echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" | tee /etc/apt/sources.list.d/hashicorp.list
|
||||
apt-get update && apt-get install -y nomad
|
||||
|
||||
- name: Validate all job specs
|
||||
env:
|
||||
NOMAD_ADDR: http://jaglan-beta-m20.lan:4646
|
||||
run: |
|
||||
find 2-nomad-config -name '*.nomad.hcl' | while read f; do
|
||||
echo "==> $f"
|
||||
nomad job validate "$f"
|
||||
done
|
||||
|
||||
image-pull:
|
||||
name: Docker image pull validation
|
||||
runs-on: ubuntu-latest
|
||||
# Only run on PRs that touch nomad job specs
|
||||
if: github.event_name == 'pull_request'
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Pull changed images
|
||||
run: |
|
||||
git fetch origin ${{ github.base_ref }}
|
||||
IMAGES=$(git diff origin/${{ github.base_ref }}...HEAD -- '*.nomad.hcl' \
|
||||
| grep '^+\s*image\s*=' \
|
||||
| grep -oP '"[^"]+:[^"]+"' \
|
||||
| tr -d '"' \
|
||||
| sort -u || true)
|
||||
|
||||
if [ -z "$IMAGES" ]; then
|
||||
echo "No image changes detected, skipping pull."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
FAILED=0
|
||||
while IFS= read -r image; do
|
||||
echo "==> Pulling $image"
|
||||
if ! docker pull "$image"; then
|
||||
echo "ERROR: Failed to pull $image"
|
||||
FAILED=1
|
||||
fi
|
||||
done <<< "$IMAGES"
|
||||
|
||||
exit $FAILED
|
||||
|
||||
@@ -29,7 +29,6 @@ job "act-runner" {
|
||||
|
||||
env = {
|
||||
GITEA_INSTANCE_URL = "https://gitea-1ef0bea6b75a4fd3e9393a9f7f7e4b02.othrayte.one"
|
||||
CONFIG_FILE = "/secrets/runner-config.yml"
|
||||
}
|
||||
|
||||
# Required SOPS key:
|
||||
@@ -43,19 +42,6 @@ EOF
|
||||
env = true
|
||||
}
|
||||
|
||||
# Limit which images/labels the runner will accept so it doesn't pick up
|
||||
# unrelated workloads if more runners are added later.
|
||||
template {
|
||||
data = <<EOF
|
||||
runner:
|
||||
labels:
|
||||
- "ubuntu-latest:docker://node:20-bookworm"
|
||||
- "ubuntu-22.04:docker://node:20-bookworm"
|
||||
- "ubuntu-24.04:docker://node:20-bookworm"
|
||||
EOF
|
||||
destination = "secrets/runner-config.yml"
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 200
|
||||
memory = 256
|
||||
|
||||
@@ -295,8 +295,8 @@ exit 1
|
||||
|
||||
- [x] **Phase 1a**: Create `act-runner.nomad.hcl` + Terraform wrapper, register runner token in Gitea, get a hello-world workflow green
|
||||
- [x] **Phase 1b**: Add `terraform fmt` + `terraform validate -backend=false` workflow — no secrets needed
|
||||
- [ ] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
|
||||
- [ ] **Phase 2**: Add image pull validation step to the workflow
|
||||
- [x] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
|
||||
- [x] **Phase 2**: Add image pull validation step to the workflow
|
||||
- [ ] **Phase 3a**: Add `update` stanzas to ntfy and glance (simplest, no volume conflict)
|
||||
- [ ] **Phase 3b**: Add rolling `update` stanzas to remaining service jobs (jellyfin, sonarr, etc.)
|
||||
- [ ] **Phase 3c**: Add health checks to openreader and unifi before adding update stanzas
|
||||
|
||||
Reference in New Issue
Block a user