From 1bd6bed8d597c148bac19346495d0009913c227d Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 25 Jan 2025 16:42:27 +1100
Subject: [PATCH] feat: add build workflows
- enable fetch-depth for code_checkout
- fetch master branch before checking for changed files
- ensure the clean target is called with the default
- improve makefile failure handling
- ensure VAULT_ADDR is set before VAULT_TOKEN
---
 .gitea/workflows/build.yaml | 31 +++++++++++++++++++++++++++++++
 .gitea/workflows/deploy.yaml | 31 +++++++++++++++++++++++++++++++
 Makefile | 16 +++++++++-------
 ci/build.sh | 7 +++----
 4 files changed, 74 insertions(+), 11 deletions(-)
 create mode 100644 .gitea/workflows/build.yaml
 create mode 100644 .gitea/workflows/deploy.yaml
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..441beb8
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,31 @@
+name: Build
+
+on:
+ pull_request:
+
+jobs:
+ build:
+ runs-on: almalinux-8
+ container:
+ image: git.query.consul/unkin/almalinux9-actionsdind:latest
+ options: --privileged
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Fetch master branch
+ run: |
+ git fetch origin master:master
+
+ - name: Show changed files
+ run: |
+ git diff --name-only master
+
+ - name: Run Packer Builds
+ env:
+ VAULT_ROLEID: ${{ secrets.PACKER_BUILDER_VAULT_ROLEID }}
+ run: |
+ make
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 0000000..ec56b72
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
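Review bot: In `.gitea/workflows/build.yaml`, the `Run Packer Builds` step passes `VAULT_ROLEID` to `make` on every `pull_request` event inside a container started with `options: --privileged`, so the `Makefile` and `ci/build.sh` from the pull request's own checkout run next to that credential with elevated container privileges. Whether secrets are exposed to pull requests from forks depends on forge settings this page does not show, but branches in the same repository typically receive them. Consider requiring approval before this job runs or giving the PR build its own narrowly scoped AppRole, and pin the mutable inputs: the image by digest (`image: git.query.consul/unkin/almalinux9-actionsdind@sha256:<digest>`) and `actions/checkout` by commit SHA instead of `@v3`. The same `--privileged`, `:latest` and `@v3` lines are added in `deploy.yaml`.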
@@ -0,0 +1,31 @@
+name: Deploy
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ runs-on: almalinux-8
+ container:
+ image: git.query.consul/unkin/almalinux9-actionsdind:latest
+ options: --privileged
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Fetch master branch
+ run: |
+ git fetch origin master:master
+
+ - name: Run Packer Builds
+ env:
+ VAULT_ROLEID: ${{ secrets.PACKER_BUILDER_VAULT_ROLEID }}
+ DOCKER_USERNAME: ${{ secrets.UPLOAD_USER }}
+ DOCKER_PASSWORD: ${{ secrets.UPLOAD_PASS }}
+ run: |
+ make
diff --git a/Makefile b/Makefile
index f3678f6..a8a987c 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ REGISTRY := git.query.consul
 OWNER := unkin
 DATE_TAG := $(shell date +%Y%m%d)
 SUFFIX=$(shell basename $$(mktemp -u) | cut -d . -f 2)
-GIT_BRANCH=$(shell git branch --show-current)
+GIT_BRANCH=$(shell git symbolic-ref --short HEAD 2>/dev/null || echo $$GITHUB_HEAD_REF)
 GIT_COMMIT := $(shell git rev-parse --short HEAD)
 # Find all subdirectories under the IMAGES_PATH
@@ -17,7 +17,7 @@ DIRS := $(shell find $(IMAGES_PATH) -mindepth 3 -maxdepth 3 -type d | sed 's|$(I
 .PHONY: list $(DIRS)
 .DEFAULT_GOAL := default
-default:
+default: clean
 ./ci/build.sh
 # Make all images
@@ -39,9 +39,11 @@ $(DIRS):
 @echo "Building for $@"
 # Export environment
- export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID)
- export VAULT_ADDR=https://vault.service.consul:8200
- @eval $$(vault kv get -format=json kv/service/packer/builder/env | jq -r '.data.data | to_entries[] | "export \(.key)=\(.value)"')
+ export VAULT_ADDR=https://vault.query.consul:8200
+ export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID) && \
+ eval $$(vault kv get -format=json kv/service/packer/builder/env | jq -r '.data.data | to_entries[] | "export \(.key)=\(.value)"')
+
+ @echo "Environment retrieved for $@"
 # Check if on master branch
 @if [ "$(GIT_BRANCH)" = "master" ]; then \
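Review bot: In `.gitea/workflows/deploy.yaml`, the `Fetch master branch` step runs `git fetch origin master:master` in a workflow that only triggers on pushes to `master`. If the checkout step leaves `master` as the checked-out branch, as `actions/checkout` normally does for branch pushes, git refuses to fetch into the current branch and the step fails before `make` runs. `git fetch origin master`, which only updates `origin/master`, avoids that, or the step can be dropped for this workflow. The same command is also added at the top of `ci/build.sh`, where its exit status is not checked.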
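Review bot: In the `Makefile`, the new `GIT_BRANCH` fallback reads `$$GITHUB_HEAD_REF`, which on a pull request is a branch name chosen by the contributor, and Make later pastes that value into recipe shell text: `[ "$(GIT_BRANCH)" = "master" ]` in this patch's context and the unquoted `export GIT_BRANCH=$(GIT_BRANCH)` in the `@@ -78,8` hunk. Git permits shell metacharacters in ref names, so the shell would interpret them instead of treating the name as data. Passing the value through the environment keeps it inert: assign with `GIT_BRANCH := $(shell ...)`, add `export GIT_BRANCH`, and have recipes read `"$$GIT_BRANCH"`. Using `:=` also matches `DATE_TAG` and `GIT_COMMIT` beside it and stops the `git` call from re-running on every expansion.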
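Review bot: `default` now depends on `clean`, but the `.PHONY: list $(DIRS)` line in this hunk's context names neither target, so a file or directory called `default` or `clean` in the repository root would let Make consider the target up to date and skip its recipe. Unless both are declared phony elsewhere in the file, extend the existing line: `.PHONY: list default clean $(DIRS)`.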
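Review bot: In the `$(DIRS)` recipe, `export VAULT_ADDR=https://vault.query.consul:8200` is still a recipe line of its own, and Make runs each recipe line in a separate shell unless `.ONESHELL` is set (nothing in this patch shows that it is), so the address is no longer set when `vault write` runs on the next line. The variables produced by `eval` are lost the same way before the later `packer` line, so the export, login and eval need to be joined with `&& \` into the shell invocation that runs `packer`, starting with `export VAULT_ADDR=https://vault.query.consul:8200 && \`. The `eval` also executes whatever the KV values contain because jq emits them unquoted; `"export \(.key)=\(.value | @sh)"` turns each value into a single shell-quoted word. The recipe begins before and continues after this hunk.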
@@ -78,8 +80,8 @@ $(DIRS):
 export SUFFIX=$(SUFFIX) && \
 export GIT_COMMIT=$(GIT_COMMIT) && \
 export GIT_BRANCH=$(GIT_BRANCH) && \
- packer init . && \
- packer build . )
+ /usr/bin/packer init . && \
+ /usr/bin/packer build . )
 # Update build timestamp and date in Consul if on master branch
 @if [ "$(GIT_BRANCH)" = "master" ]; then \
diff --git a/ci/build.sh b/ci/build.sh
index f8be9e2..95c60aa 100755
--- a/ci/build.sh
+++ b/ci/build.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 # Check for changes in images/ folder and the builds/ folder
+git fetch origin master:master
 if [ "$(git branch --show-current)" = "master" ]; then
 builds_changes=$(git diff --name-only HEAD^...master | grep -E '^builds/')
 images_changes=$(git diff --name-only HEAD^...master | grep -E '^images/')
@@ -11,7 +12,7 @@ fi
 # Run `make all` if there are changes in builds/
 if [ -n "$builds_changes" ]; then
- echo "Changes detected in builds/. Running 'make build-all'..."
+ echo "Changes detected in builds/. Running 'make all'..."
 make all
 fi
@@ -20,9 +21,7 @@ if [ -n "$images_changes" ]; then
 echo "Changes detected in images/. Running specific 'make' commands..."
 # Extract unique paths for `make` commands
- for file in $images_changes; do
- # Get the subdirectory path for the make command (e.g., almalinux/8.10/actionsdind)
- target=$(echo "$file" | sed -E 's|images/||; s|/[^/]+$||')
+ for target in $(echo $images_changes | sed -E 's|images/||; s|/[^/]+$||' | sort -u); do
 echo "Running 'make $target'..."
 make "$target"
 done
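Review bot: The absolute `/usr/bin/packer` is written twice with no comment saying which other `packer` on `PATH` it is meant to avoid, and it cannot be overridden on a host where the binary lives elsewhere. A variable near the top of the file, `PACKER ?= /usr/bin/packer` with a one-line comment giving the reason, used as `$(PACKER) init . && \` and `$(PACKER) build . )`, keeps the pinned path while documenting it. The enclosing subshell starts outside this hunk.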
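Review bot: In `ci/build.sh`, the exit status of the added `git fetch origin master:master` is never checked and no `set -e` is visible in this hunk, so when the fetch fails the `git diff --name-only` calls below compare against a stale or missing `master`, both change lists can come back empty, and the job ends green without building anything. The fetch is only needed when the current branch is not `master`, so it fits better in the non-master branch of the `if` that follows, with a hard stop on failure: `git fetch origin master:master || exit 1`. Both workflows in this patch already run the same fetch in their own step before `make`, so one of the two copies can go.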
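Review bot: In the rewritten loop, `echo $images_changes` is unquoted, so the newline-separated file list is joined onto one line before `sed` sees it: `s|images/||` strips only the first `images/`, `s|/[^/]+$||` trims only the last path, and `sort -u` has a single line to sort, which yields wrong targets as soon as more than one file changed. Quoting the variable keeps one path per line, and anchoring the first expression keeps it from matching deeper in a path: `for target in $(echo "$images_changes" | sed -E 's|^images/||; s|/[^/]+$||' | sort -u); do`. Because the changed paths come from the pull request, it is also worth checking each `$target` against the Makefile's known image directories before calling `make "$target"`.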