diff --git a/README.md b/README.md index 0e58cb7..ab2ce59 100644 --- a/README.md +++ b/README.md 
@@ -1,47 +1,58 @@ -# stat-tackler-infra +# gitea-actions -Central deployment repository for the stat-tackler platform. All production releases are coordinated from here. +Reusable composite actions for Gitea CI/CD pipelines. -## How to cut a production release +## Actions -1. Update `releases/versions.yaml` with the semver tag you want deployed for each service. -2. Open a PR to `main` and merge it. -3. Publish a release in Gitea. The deploy workflow fires automatically and rolls out every service in the versions file. +### Docker -To skip a service in a given release, comment it out in `versions.yaml`. - -## Repository layout - -``` -.gitea/ - actions/kubectl/configure/ # Reusable kubectl setup action - workflows/ - deploy-prod.yaml # Coordinated production deployment -releases/ - versions.yaml # Source of truth for what is deployed to production -``` - -## Services - -| Service | Repo | +| Action | Description | |---|---| -| API | `stat-tackler-api` | -| Auth UI | `stat-tackler-auth` | -| Scorekeeper UI | `stat-tackler-scorekeeper` | -| Admin UI | `stat-tackler-admin` | -| Marketing site | `stat-tackler-marketing` | -| Email relay | `stat-tackler-email-relay` | -| MCP server | `stat-tackler-mcp` | +| [docker](.gitea/actions/docker/README.md) | Build a Docker image and push it to the Gitea container registry | -Each service owns its own Helm chart (`./helm/`) and handles its own staging deploys. This repo only manages coordinated production releases. +### Git -## Runner requirements - -The `helm` runner must have `helm`, `kubectl`, and `yq` available. 
- -## Required secrets - -| Secret | Purpose | +| Action | Description | |---|---| -| `K8S_TROWBRIDGE_K0S0_CONFIG` | Kubeconfig for the production cluster | -| `REGISTRY_AGENT_TOKEN` | Gitea token with read access to all service repos and the container registry | +| [git/create_tag](.gitea/actions/git/create_tag/README.md) | Create and push a git tag in the current repository | + +### Helm + +| Action | Description | +|---|---| +| [helm/diff](.gitea/actions/helm/diff/README.md) | Diff a Helm chart against a running deployment | +| [helm/set_deployment_image](.gitea/actions/helm/set_deployment_image/README.md) | Set the image for a Kubernetes deployment via Helm | +| [helm/template](.gitea/actions/helm/template/README.md) | Render a Helm chart for a deployment | +| [helm/upgrade](.gitea/actions/helm/upgrade/README.md) | Log in to an OCI registry and run `helm upgrade` for the chart in the current directory | + +### Infisical + +| Action | Description | +|---|---| +| [infisical/fetch-secret](.gitea/actions/infisical/fetch-secret/README.md) | Fetch a single secret value from Infisical using a machine identity token | + +### Infrastructure + +| Action | Description | +|---|---| +| [infra/update_version](.gitea/actions/infra/update_version/README.md) | Update a service tag in `stat-tackler-infra`'s `releases/versions.yaml` | + +### Kubernetes + +| Action | Description | +|---|---| +| [kubectl/configure](.gitea/actions/kubectl/configure/README.md) | Write a kubeconfig and configure `kubectl` | + +### Node + +| Action | Description | +|---|---| +| [node](.gitea/actions/node/README.md) | Install dependencies, build, and upload a build artifact | +| [test/npm](.gitea/actions/test/npm/README.md) | Install dependencies and run an npm test script | + +### Trivy + +| Action | Description | +|---|---| +| [trivy/image_scan](.gitea/actions/trivy/image_scan/README.md) | Scan a container image for vulnerabilities with Trivy | +| 
[trivy/namespace_scan](.gitea/actions/trivy/namespace_scan/README.md) | Scan a Kubernetes namespace for vulnerabilities with Trivy |
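
Review bot: The removed "Runner requirements" and "Required secrets" sections at the end of the old README have no counterpart in the new action index, so the top-level README no longer states which tools a runner needs (`helm`, `kubectl`, `yq`) or which credentials the actions consume. Several of the new rows describe credential-handling actions: `kubectl/configure` writes a kubeconfig, `helm/upgrade` logs in to an OCI registry, `infisical/fetch-secret` uses a machine identity token, and `infra/update_version` edits `releases/versions.yaml` in `stat-tackler-infra`, which the removed text called the source of truth for what is deployed to production. Suggest adding a "Required secrets" column or a short section giving, per action, the secret it expects and the minimum scope it needs, or a sentence saying that each linked README documents this. The removed "How to cut a production release" steps also have no replacement in this hunk; if that procedure still applies, say where it is documented now. Minor: `test/npm` is listed under "Node" while every other heading matches its action path prefix; a "Test" heading or a note would keep the index consistent.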