generated from CubeCraft-Creations/Tracehound
ci: pull-based deploy to the Pi via rolling dev release
The Pi is on a closed travel-router LAN, so push-based deploy from a
runner can't reach it. Switch to pull: the runner builds + publishes,
the Pi fetches.
- build-dev.yaml: after the arm64 build, publish the binary + sha256 +
version.txt to a rolling "dev" Gitea release (replaces the
upload-artifact + repository_dispatch -> deploy-dev hop)
- remove deploy-dev.yaml (push/scp-based deploy no longer used)
- scripts/pi-update.sh: poll the dev release, verify sha256, install via
deploy.sh (backup/restart/rollback); only updates when version changes
- scripts/remoterig-update.{service,timer}: run the updater every 5 min
- setup-pi.sh: install deploy.sh + pi-update.sh + update.env template +
the updater timer; summary now reflects the pull flow
- README: document the pull-based CI/CD; fix stale GOARM=6 (Zero 2 W is
arm64 on 64-bit OS / arm GOARM=7 on 32-bit)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Joshua King
@@ -7,8 +7,8 @@ on:
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
GO_VERSION: "1.23"
|
||||
NODE_VERSION: "20"
|
||||
GO_VERSION: "1.25"
|
||||
NODE_VERSION: "22"
|
||||
BINARY_NAME: remoterig
|
||||
|
||||
jobs:
|
||||
@@ -39,25 +39,34 @@ jobs:
|
||||
go build -ldflags="-s -w -X main.version=${GITHUB_SHA:0:8}" \
|
||||
-o ${{ env.BINARY_NAME }} ./cmd/server
|
||||
|
||||
- name: Upload build artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ env.BINARY_NAME }}
|
||||
path: ${{ env.BINARY_NAME }}
|
||||
retention-days: 5
|
||||
# Pull-based deploy: publish the binary to a rolling "dev" release.
|
||||
# The Pi polls this release and self-updates (scripts/pi-update.sh);
|
||||
# the runner never needs to reach the closed RemoteRig network.
|
||||
- name: Publish to rolling dev release
|
||||
env:
|
||||
TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
SERVER: ${{ github.server_url }}
|
||||
REPO: ${{ github.repository }}
|
||||
SHA: ${{ github.sha }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
command -v jq >/dev/null || sudo apt-get update -qq && sudo apt-get install -y -qq jq
|
||||
API="$SERVER/api/v1/repos/$REPO"
|
||||
AUTH="Authorization: token $TOKEN"
|
||||
VERSION="${SHA:0:8}"
|
||||
echo "$VERSION" > version.txt
|
||||
sha256sum "$BINARY_NAME" | awk '{print $1}' > "$BINARY_NAME.sha256"
|
||||
|
||||
- name: Trigger deploy workflow
|
||||
if: success()
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
script: |
|
||||
await github.rest.repos.createDispatchEvent({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
event_type: 'dev-build-success',
|
||||
client_payload: {
|
||||
sha: context.sha,
|
||||
ref: context.ref
|
||||
}
|
||||
})
|
||||
# Roll the "dev" release forward to this commit (delete old release + tag).
|
||||
REL_ID=$(curl -sf -H "$AUTH" "$API/releases/tags/dev" | jq -r '.id // empty' || true)
|
||||
[ -n "$REL_ID" ] && curl -sf -X DELETE -H "$AUTH" "$API/releases/$REL_ID" || true
|
||||
curl -sf -X DELETE -H "$AUTH" "$API/tags/dev" || true
|
||||
|
||||
REL_ID=$(curl -sf -X POST -H "$AUTH" -H "Content-Type: application/json" "$API/releases" \
|
||||
-d "{\"tag_name\":\"dev\",\"target_commitish\":\"$SHA\",\"name\":\"dev ($VERSION)\",\"body\":\"Rolling dev build $SHA\",\"prerelease\":true}" \
|
||||
| jq -r '.id')
|
||||
|
||||
for f in "$BINARY_NAME" "$BINARY_NAME.sha256" version.txt; do
|
||||
curl -sf -X POST -H "$AUTH" -F "attachment=@$f" "$API/releases/$REL_ID/assets?name=$f"
|
||||
done
|
||||
echo "Published dev release $VERSION"
|
||||
Reference in New Issue
Block a user