gitea_admin/ci-templates
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add reusable CI/CD pipeline templates

Browse Source 
Reusable Gitea Actions workflows for lint, test, build, and deploy:
- lint-python, lint-node, lint-rust
- test-python, test-node, test-rust
- build-push (Docker build + push to Gitea registry)
- deploy-k8s (GitOps image tag update in cluster repo)

Plus example caller workflows for python-fullstack, rust-service,
and node-frontend stacks. Branch refs aligned to staging per CON-570 standards.
This commit is contained in:
Platform Engineer
2026-03-31 19:55:17 +03:00
parent 491bb8dbfd
commit a620868998
15 changed files with 783 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
.gitea/workflows/build-push.yaml Normal file
View File

@@ -0,0 +1,93 @@
# Reusable workflow: Build Docker image and push to Gitea registry
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/build-push.yaml@main
name: Build & Push Docker Image
on:
workflow_call:
inputs:
image-name:
description: "Full image name (e.g. git.wectrl.net/wectrl-net/my-service)"
required: true
type: string
context:
description: "Docker build context path"
required: false
type: string
default: "."
dockerfile:
description: "Path to Dockerfile (relative to context)"
required: false
type: string
default: "Dockerfile"
platforms:
description: "Target platforms (e.g. linux/arm64, linux/amd64)"
required: false
type: string
default: "linux/arm64"
build-args:
description: "Docker build args (newline-separated KEY=VALUE)"
required: false
type: string
default: ""
secrets:
REGISTRY_USER:
required: true
REGISTRY_TOKEN:
required: true
outputs:
image-tag:
description: "The sha-based image tag that was pushed"
value: ${{ jobs.build.outputs.image-tag }}
jobs:
build:
name: Build & Push
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
options: --privileged
outputs:
image-tag: ${{ steps.tag.outputs.tag }}
steps:
- uses: actions/checkout@v4
- name: Compute image tag
id: tag
run: |
SHORT_SHA="${{ gitea.sha }}"
SHORT_SHA="${SHORT_SHA:0:7}"
echo "tag=sha-${SHORT_SHA}" >> "$GITEA_OUTPUT"
- name: Log in to Gitea registry
uses: docker/login-action@v3
with:
registry: git.wectrl.net
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ inputs.image-name }}
tags: |
type=sha,prefix=sha-
type=raw,value=latest,enable={{is_default_branch}}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ${{ inputs.context }}
file: ${{ inputs.context }}/${{ inputs.dockerfile }}
platforms: ${{ inputs.platforms }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: ${{ inputs.build-args }}
cache-from: type=registry,ref=${{ inputs.image-name }}:buildcache
cache-to: type=registry,ref=${{ inputs.image-name }}:buildcache,mode=max

61
.gitea/workflows/deploy-k8s.yaml Normal file
View File

@@ -0,0 +1,61 @@
# Reusable workflow: Update image tag in wectrl-k8s-cluster repo (GitOps deploy)
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/deploy-k8s.yaml@main
name: Deploy to K8s (GitOps)
on:
workflow_call:
inputs:
image-name:
description: "Full image name (e.g. git.wectrl.net/wectrl-net/my-service)"
required: true
type: string
deploy-paths:
description: "Space-separated paths to deployment manifests in the k8s cluster repo"
required: true
type: string
service-name:
description: "Service name for commit message (e.g. h1per-pms)"
required: true
type: string
k8s-repo:
description: "K8s cluster repo (org/repo)"
required: false
type: string
default: "wectrl-net/wectrl-k8s-cluster"
secrets:
GIT_USER:
required: true
GIT_TOKEN:
required: true
jobs:
deploy:
name: Update k8s Cluster Repo
runs-on: ubuntu-latest
if: gitea.ref == 'refs/heads/main'
steps:
- name: Update image tag in cluster repo
run: |
SHA="${{ gitea.sha }}"
SHORT_SHA="${SHA:0:7}"
IMAGE_TAG="sha-${SHORT_SHA}"
git clone https://${{ secrets.GIT_USER }}:${{ secrets.GIT_TOKEN }}@git.wectrl.net/${{ inputs.k8s-repo }}.git
cd wectrl-k8s-cluster
git config user.email "ci@wectrl.net"
git config user.name "Gitea CI"
for DEPLOY_PATH in ${{ inputs.deploy-paths }}; do
sed -i "s|image: ${{ inputs.image-name }}:.*|image: ${{ inputs.image-name }}:${IMAGE_TAG}|g" \
"${DEPLOY_PATH}"
git add "${DEPLOY_PATH}"
done
if git diff --staged --quiet; then
echo "No image tag changes to commit"
else
git commit -m "deploy: ${{ inputs.service-name }} ${IMAGE_TAG}"
git push origin main
echo "Cluster repo updated — ArgoCD will sync within ~3 min"
fi

54
.gitea/workflows/lint-node.yaml Normal file
View File

@@ -0,0 +1,54 @@
# Reusable workflow: Node.js/TypeScript linting with ESLint + type-check
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/lint-node.yaml@main
name: Lint Node (ESLint + tsc)
on:
workflow_call:
inputs:
node-version:
description: "Node.js version to use"
required: false
type: string
default: "22"
working-directory:
description: "Directory containing the Node.js project (with package.json)"
required: false
type: string
default: "."
package-manager:
description: "Package manager (npm or pnpm)"
required: false
type: string
default: "npm"
lint-script:
description: "npm script name for linting"
required: false
type: string
default: "lint"
typecheck-script:
description: "npm script name for type-checking (leave empty to skip)"
required: false
type: string
default: "typecheck"
jobs:
lint:
name: ESLint + TypeScript
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
cache: ${{ inputs.package-manager }}
cache-dependency-path: ${{ inputs.working-directory }}/package-lock.json
- name: Install dependencies
run: npm ci
working-directory: ${{ inputs.working-directory }}
- name: ESLint
run: npm run ${{ inputs.lint-script }}
working-directory: ${{ inputs.working-directory }}
- name: TypeScript type-check
if: inputs.typecheck-script != ''
run: npm run ${{ inputs.typecheck-script }}
working-directory: ${{ inputs.working-directory }}

37
.gitea/workflows/lint-python.yaml Normal file
View File

@@ -0,0 +1,37 @@
# Reusable workflow: Python linting with Ruff
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/lint-python.yaml@main
name: Lint Python (Ruff)
on:
workflow_call:
inputs:
python-version:
description: "Python version to use"
required: false
type: string
default: "3.13"
ruff-version:
description: "Ruff version constraint"
required: false
type: string
default: ">=0.9.0"
working-directory:
description: "Directory containing the Python project"
required: false
type: string
default: "."
jobs:
lint:
name: Ruff
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ inputs.python-version }}
- name: Install Ruff
run: pip install "ruff${{ inputs.ruff-version }}"
- name: Run Ruff
run: ruff check --output-format=github .
working-directory: ${{ inputs.working-directory }}

51
.gitea/workflows/lint-rust.yaml Normal file
View File

@@ -0,0 +1,51 @@
# Reusable workflow: Rust linting with Clippy + format check
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/lint-rust.yaml@main
name: Lint Rust (Clippy)
on:
workflow_call:
inputs:
rust-toolchain:
description: "Rust toolchain (stable, nightly, or specific version)"
required: false
type: string
default: "stable"
working-directory:
description: "Directory containing the Rust project (with Cargo.toml)"
required: false
type: string
default: "."
clippy-args:
description: "Additional clippy arguments"
required: false
type: string
default: "-- -D warnings"
jobs:
lint:
name: Clippy + fmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ inputs.rust-toolchain }}
components: clippy, rustfmt
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
${{ inputs.working-directory }}/target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: ${{ runner.os }}-cargo-
- name: Check formatting
run: cargo fmt --check
working-directory: ${{ inputs.working-directory }}
- name: Run Clippy
run: cargo clippy --all-targets --all-features ${{ inputs.clippy-args }}
working-directory: ${{ inputs.working-directory }}

45
.gitea/workflows/test-node.yaml Normal file
View File

@@ -0,0 +1,45 @@
# Reusable workflow: Node.js testing
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/test-node.yaml@main
name: Test Node
on:
workflow_call:
inputs:
node-version:
description: "Node.js version to use"
required: false
type: string
default: "22"
working-directory:
description: "Directory containing the Node.js project"
required: false
type: string
default: "."
test-script:
description: "npm script name for testing"
required: false
type: string
default: "test"
test-args:
description: "Additional args appended after -- (e.g. --passWithNoTests)"
required: false
type: string
default: "--passWithNoTests"
jobs:
test:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
cache: npm
cache-dependency-path: ${{ inputs.working-directory }}/package-lock.json
- name: Install dependencies
run: npm ci
working-directory: ${{ inputs.working-directory }}
- name: Run tests
run: npm run ${{ inputs.test-script }} -- ${{ inputs.test-args }}
working-directory: ${{ inputs.working-directory }}

51
.gitea/workflows/test-python.yaml Normal file
View File

@@ -0,0 +1,51 @@
# Reusable workflow: Python testing with pytest
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/test-python.yaml@main
name: Test Python (pytest)
on:
workflow_call:
inputs:
python-version:
description: "Python version to use"
required: false
type: string
default: "3.13"
working-directory:
description: "Directory containing the Python project"
required: false
type: string
default: "."
install-command:
description: "Command to install dependencies (empty = pip install pytest pytest-asyncio)"
required: false
type: string
default: ""
pytest-args:
description: "Additional pytest arguments"
required: false
type: string
default: "--ignore=venv -q"
jobs:
test:
name: pytest
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ inputs.python-version }}
- name: Install dependencies
run: |
if [ -n "${{ inputs.install-command }}" ]; then
${{ inputs.install-command }}
elif [ -f "${{ inputs.working-directory }}/requirements.txt" ]; then
pip install -r ${{ inputs.working-directory }}/requirements.txt
pip install pytest pytest-asyncio
else
pip install pytest pytest-asyncio
fi
working-directory: ${{ inputs.working-directory }}
- name: Run tests
run: pytest ${{ inputs.pytest-args }}
working-directory: ${{ inputs.working-directory }}

47
.gitea/workflows/test-rust.yaml Normal file
View File

@@ -0,0 +1,47 @@
# Reusable workflow: Rust testing with cargo test
# Usage: uses: wectrl-net/ci-templates/.gitea/workflows/test-rust.yaml@main
name: Test Rust (cargo)
on:
workflow_call:
inputs:
rust-toolchain:
description: "Rust toolchain"
required: false
type: string
default: "stable"
working-directory:
description: "Directory containing the Rust project"
required: false
type: string
default: "."
cargo-test-args:
description: "Additional cargo test arguments"
required: false
type: string
default: "--all-features"
jobs:
test:
name: cargo test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ inputs.rust-toolchain }}
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
${{ inputs.working-directory }}/target/
key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }}
restore-keys: ${{ runner.os }}-cargo-test-
- name: Run tests
run: cargo test ${{ inputs.cargo-test-args }}
working-directory: ${{ inputs.working-directory }}