ci: auto-update infra image tags after Docker push (#70)

Adds a deploy job that runs after Docker images are pushed to GHCR. It checks out groombook/infra, updates all image SHA tags in the Kubernetes manifests, and commits directly to main. This ensures Flux always picks up new images after a successful build, preventing the previous issue where :latest tags caused no manifest diff and pods weren't updated. Requires INFRA_DEPLOY_TOKEN secret with push access to groombook/infra. Co-authored-by: Groom Book CTO <cto@groombook.dev> Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-03-19 20:18:04 +00:00
parent 19e0f5e3ca
commit 3b7b2b346f
1 changed files with 38 additions and 0 deletions
@@ -178,3 +178,41 @@ jobs:
            ghcr.io/groombook/web:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
+
+  deploy:
+    name: Update Infra Image Tags
+    runs-on: ubuntu-latest
+    needs: [docker]
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout infra repo
+        uses: actions/checkout@v4
+        with:
+          repository: groombook/infra
+          token: ${{ secrets.INFRA_DEPLOY_TOKEN }}
+          path: infra
+
+      - name: Update image tags
+        run: |
+          cd infra
+          SHA="${{ github.sha }}"
+          sed -i "s|ghcr.io/groombook/api:[a-f0-9]\{40\}|ghcr.io/groombook/api:${SHA}|g" apps/groombook/api.yaml
+          sed -i "s|ghcr.io/groombook/web:[a-f0-9]\{40\}|ghcr.io/groombook/web:${SHA}|g" apps/groombook/web.yaml
+          sed -i "s|ghcr.io/groombook/migrate:[a-f0-9]\{40\}|ghcr.io/groombook/migrate:${SHA}|g" apps/groombook/migrate-job.yaml
+          sed -i "s|ghcr.io/groombook/seed:[a-f0-9]\{40\}|ghcr.io/groombook/seed:${SHA}|g" apps/groombook/seed-job.yaml
+          sed -i "s|groombook.dev/image-sha: \"[a-f0-9]\{40\}\"|groombook.dev/image-sha: \"${SHA}\"|g" apps/groombook/api.yaml apps/groombook/web.yaml
+
+      - name: Commit and push
+        run: |
+          cd infra
+          git config user.name "groombook-ci[bot]"
+          git config user.email "ci@groombook.dev"
+          if git diff --quiet; then
+            echo "No changes to commit"
+            exit 0
+          fi
+          git add -A
+          git commit -m "deploy: update images to groombook/groombook@${GITHUB_SHA::7}
+
+          Source: https://github.com/groombook/groombook/commit/${GITHUB_SHA}"
+          git push