groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: auto-update infra image tags after Docker push (#70)

Browse Source 
Adds a deploy job that runs after Docker images are pushed to GHCR.
It checks out groombook/infra, updates all image SHA tags in the
Kubernetes manifests, and commits directly to main.

This ensures Flux always picks up new images after a successful build,
preventing the previous issue where :latest tags caused no manifest
diff and pods weren't updated.

Requires INFRA_DEPLOY_TOKEN secret with push access to groombook/infra.

Co-authored-by: Groom Book CTO <cto@groombook.dev>
Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #70.
This commit is contained in:
groombook-paperclip[bot]
2026-03-19 20:18:04 +00:00
committed by GitHub
parent 19e0f5e3ca
commit 3b7b2b346f
1 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/ci.yml
+38
View File
@@ -178,3 +178,41 @@ jobs:
ghcr.io/groombook/web:latest ghcr.io/groombook/web:latest
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
deploy:
name: Update Infra Image Tags
runs-on: ubuntu-latest
needs: [docker]
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout infra repo
uses: actions/checkout@v4
with:
repository: groombook/infra
token: ${{ secrets.INFRA_DEPLOY_TOKEN }}
path: infra
- name: Update image tags
run: |
cd infra
SHA="${{ github.sha }}"
sed -i "s|ghcr.io/groombook/api:[a-f0-9]\{40\}|ghcr.io/groombook/api:${SHA}|g" apps/groombook/api.yaml
sed -i "s|ghcr.io/groombook/web:[a-f0-9]\{40\}|ghcr.io/groombook/web:${SHA}|g" apps/groombook/web.yaml
sed -i "s|ghcr.io/groombook/migrate:[a-f0-9]\{40\}|ghcr.io/groombook/migrate:${SHA}|g" apps/groombook/migrate-job.yaml
sed -i "s|ghcr.io/groombook/seed:[a-f0-9]\{40\}|ghcr.io/groombook/seed:${SHA}|g" apps/groombook/seed-job.yaml
sed -i "s|groombook.dev/image-sha: \"[a-f0-9]\{40\}\"|groombook.dev/image-sha: \"${SHA}\"|g" apps/groombook/api.yaml apps/groombook/web.yaml
- name: Commit and push
run: |
cd infra
git config user.name "groombook-ci[bot]"
git config user.email "ci@groombook.dev"
if git diff --quiet; then
echo "No changes to commit"
exit 0
fi
git add -A
git commit -m "deploy: update images to groombook/groombook@${GITHUB_SHA::7}
Source: https://github.com/groombook/groombook/commit/${GITHUB_SHA}"
git push