diff --git a/.github/scripts/allowed_fqdns.txt b/.github/scripts/allowed_fqdns.txt
index d107dea..efea623 100644
--- a/.github/scripts/allowed_fqdns.txt
+++ b/.github/scripts/allowed_fqdns.txt
@@ -54,12 +54,14 @@ hearamerica.dev.chnm.gmu.edu
 hurricane.dev.chnm.gmu.edu
 iowmaterial.dev.chnm.gmu.edu
 islampers.dev.chnm.gmu.edu
+jdh.dev.chnm.gmu.edu
 mallhistory.dev.chnm.gmu.edu
 occupyarchive.dev.chnm.gmu.edu
 resounding.dev.chnm.gmu.edu
 thanksroy.dev.chnm.gmu.edu
 transatlaenc.dev.chnm.gmu.edu
 valostat.dev.chnm.gmu.edu
+whc.dev.chnm.gmu.edu
 games.dev.chnm.gmu.edu
 1665plague.dev.chnm.gmu.edu
 1812shipping.dev.chnm.gmu.edu
@@ -82,6 +84,7 @@ eagleeyecitizen.org
 earlymodernviolence.org
 dev.earlymodernviolence.org
 forustheliving.org
+journalofdigitalhumanities.org
 legalmodernism.org
 chambers.legalmodernism.org
 maritime-asia.org
@@ -97,4 +100,5 @@ dev.database.religiousecologies.org
 sustainabledh.org
 dev.teachinghistory.org
 wardepartmentpapers.org
+worldhistorycommons.org
 hugo.wardepartmentpapers.org
diff --git a/.github/workflows/docker--deploy.yml b/.github/workflows/docker--deploy.yml
index afc6941..b3a02d9 100644
--- a/.github/workflows/docker--deploy.yml
+++ b/.github/workflows/docker--deploy.yml
@@ -43,7 +43,7 @@ jobs:
 echo "ref_type: ${{ github.ref_type }}"
 echo "ref: ${{ github.ref }}"
 echo "sha: ${{ github.sha }}"
-
+
 - name: Validate website FQDN
 id: validate
 uses: chnm/.github/.github/actions/validate-fqdn@main
@@ -52,7 +52,7 @@ jobs:
 website-prod-fqdn: ${{ inputs.website-prod-fqdn }}
 outputs:
- website_fqdn: ${{ steps.validate.outputs.website_fqdn }}
+ website_fqdn: ${{ steps.validate.outputs.website_fqdn }}
 deploy-ansible-playbook:
 runs-on: ${{ fromJSON(inputs.runner_labels) }}
@@ -61,13 +61,37 @@ jobs: always() && !cancelled() && needs.setup.result == 'success' steps: + # Serialize the github context for the ansible playbook's Slack + # notification step. Pure-bash wrap (no python3 dep — IncusOS runners are + # minimal and may lack it; toJSON already produces valid JSON, we just + # nest it under a `github_context` key so ansible loads it as `-e "@..."` + # into that variable). - env: GITHUB_CONTEXT: ${{ toJSON(github) }} run: | - python3 -c 'import json,os,sys; json.dump({"github_context": json.loads(os.environ["GITHUB_CONTEXT"])}, sys.stdout)' > github-context.json + printf '{"github_context": %s}\n' "$GITHUB_CONTEXT" > github-context.json cat github-context.json - - env: + # IncusOS path (levi): deploy-docker-compose.yaml resolves which docker + # host runs the stack from each host's docker_compose_stacks keyed off + # target_fqdn (no host arg needed). github-context.json IS passed so the + # playbook's Slack notification can attribute the deploy to a commit / + # branch / actor. GITHUB_CONTEXT_PATH tells run-ansible-playbook.sh to + # bind-mount the host file in as /github-context.json inside the inner + # ansible container. No tag_borg skip — the IncusOS docker_stack role + # backs up via restic, not borg. + - if: ${{ contains(inputs.runner_labels, 'IncusOS') }} + env: + GITHUB_CONTEXT_PATH: "${{ github.workspace }}/github-context.json" + run: | + run-ansible-playbook.sh playbooks/deploy-docker-compose.yaml \ + -e "target_fqdn=${{ needs.setup.outputs.website_fqdn }}" \ + -e "@/github-context.json" + + # Legacy XCP-ng path: the legacy runner's deploy-docker-compose.yaml is + # keyed off input_website_fqdn and still uses borg (skipped here). + - if: ${{ !contains(inputs.runner_labels, 'IncusOS') }} + env: GITHUB_CONTEXT_PATH: "${{ github.workspace }}/github-context.json" run: | run-ansible-playbook.sh playbooks/deploy-docker-compose.yaml \ 
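Review bot: The new `printf` line still writes the entire `github` context to `github-context.json`, and that context includes `github.token`; log masking should cover the `cat` output but not the file, which stays in the self-hosted runner's workspace and is bind-mounted into the ansible container via `GITHUB_CONTEXT_PATH`. Since the comments say the file exists to attribute the deploy to a commit, branch and actor, it could carry only those fields, and the `cat github-context.json` line could be dropped. The field list in the sketch below is an assumption to confirm against what the playbook's Slack step actually reads. Separately, both new `if:` conditions call `contains()` on `inputs.runner_labels`, which appears to be a JSON string (it goes through `fromJSON` for `runs-on`), so the test is a substring match; `contains(fromJSON(inputs.runner_labels), 'IncusOS')` would compare whole labels if the input decodes to an array. The legacy step's command continues past the end of the hunk.

```yaml
- env:
    # Field list is an assumption: keep only what the Slack notification reads.
    CTX_SHA: ${{ toJSON(github.sha) }}
    CTX_REF: ${{ toJSON(github.ref) }}
    CTX_ACTOR: ${{ toJSON(github.actor) }}
    CTX_REPOSITORY: ${{ toJSON(github.repository) }}
  run: |
    printf '{"github_context": {"sha": %s, "ref": %s, "actor": %s, "repository": %s}}\n' \
      "$CTX_SHA" "$CTX_REF" "$CTX_ACTOR" "$CTX_REPOSITORY" > github-context.json
# … unchanged: IncusOS and legacy deploy steps …
```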
@@ -94,6 +118,6 @@ jobs:
 commit (${{ github.sha }}): ${{ github.event.commits[0].message }}
 ```
 View details at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
- SLACK_TITLE: 'Deployment Failed - `${{ github.repository }}` Release ${{ needs.release-create.outputs.release_name }}'
+ SLACK_TITLE: 'Deployment Failed - `${{ github.repository }}`'
 SLACK_USERNAME: rrchnm-systems
 SLACK_WEBHOOK: "${{ secrets.SLACK_WEBHOOK_SYSTEMS }}"
diff --git a/.github/workflows/mirror-to-zot.yml b/.github/workflows/mirror-to-zot.yml
index 9d183b1..5365fac 100644
--- a/.github/workflows/mirror-to-zot.yml
+++ b/.github/workflows/mirror-to-zot.yml
@@ -43,9 +43,6 @@ jobs:
 runs-on: [self-hosted, IncusOS] # levi — adjust label if you scope runners
 timeout-minutes: 7
 steps:
- - name: Install crane
- continue-on-error: true
- uses: imjasonh/setup-crane@v0.4 # or drop this once crane is baked into the runner image
 - name: Log crane in to the source registry (read)
 continue-on-error: true