ci: optimize builds with parallelism, change detection, and registry caching

2026-02-02 14:18:01 +01:00
parent 7f4f970a38
commit b1854d5255
1 changed files with 59 additions and 11 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -38,12 +38,29 @@ jobs:
      gotify_priority:  ${{ steps.determine.outputs.gotify_priority }}
      short_sha:        ${{ steps.determine.outputs.short_sha }}
      commit_msg:       ${{ steps.determine.outputs.commit_msg }}
+      gatekeeper_changed: ${{ steps.changes.outputs.gatekeeper_changed }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

+      - name: 🔍 Check for Gatekeeper changes
+        id: changes
+        run: |
+          if git rev-parse HEAD~1 >/dev/null 2>&1; then
+            if git diff --quiet HEAD~1 HEAD -- gatekeeper; then
+              echo "gatekeeper_changed=false" >> $GITHUB_OUTPUT
+              echo "ℹ️ No changes in gatekeeper/"
+            else
+              echo "gatekeeper_changed=true" >> $GITHUB_OUTPUT
+              echo "⚠️ Changes detected in gatekeeper/"
+            fi
+          else
+            echo "gatekeeper_changed=true" >> $GITHUB_OUTPUT
+            echo "🆕 First commit or no history, building gatekeeper."
+          fi
+
      - name: 🔍 Environment & Version ermitteln
        id: determine
        shell: bash
@@ -166,8 +183,8 @@ jobs:
  # ──────────────────────────────────────────────────────────────────────────────
  # JOB 3: Build & Push Docker Image
  # ──────────────────────────────────────────────────────────────────────────────
-  build:
-    name: 🏗️ Build & Push
+  build-app:
+    name: 🏗️ Build App
    needs: prepare
    if: ${{ needs.prepare.outputs.target != 'skip' }}
    runs-on: docker
@@ -180,12 +197,11 @@ jobs:
      - name: 🐳 Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

-
      - name: 🔐 Registry Login
        run: |
          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin

-      - name: 🏗️ Docker Image bauen & pushen
+      - name: 🏗️ App bauen & pushen
        env:
          IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
          TARGET:    ${{ needs.prepare.outputs.target }}
@@ -194,7 +210,6 @@ jobs:
          NEXT_PUBLIC_UMAMI_SCRIPT_URL:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.TESTING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL) }}
          DIRECTUS_URL:                  ${{ needs.prepare.outputs.directus_url }}
        run: |
-          echo "🏗️ Building → $TARGET / $IMAGE_TAG"
          docker buildx build \
            --pull \
            --platform linux/arm64 \
@@ -207,15 +222,48 @@ jobs:
            --cache-to type=registry,ref=registry.infra.mintel.me/mintel/klz-cables.com:buildcache,mode=max \
            --push .

+  build-gatekeeper:
+    name: 🏗️ Build Gatekeeper
+    needs: prepare
+    if: ${{ needs.prepare.outputs.target != 'skip' }}
+    runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 🐳 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🔐 Registry Login
+        run: |
+          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+
      - name: 🏗️ Gatekeeper bauen & pushen
        env:
          IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
+          CHG: ${{ needs.prepare.outputs.gatekeeper_changed }}
        run: |
-          docker buildx build \
-            --pull \
-            --platform linux/arm64 \
-            -t registry.infra.mintel.me/mintel/klz-cables-gatekeeper:$IMAGE_TAG \
-            --push ./gatekeeper
+          if [ "$CHG" == "true" ]; then
+            echo "🏗️ Building Gatekeeper (Changes detected)..."
+            docker buildx build \
+              --pull \
+              --platform linux/arm64 \
+              -t registry.infra.mintel.me/mintel/klz-cables-gatekeeper:$IMAGE_TAG \
+              --cache-from type=registry,ref=registry.infra.mintel.me/mintel/klz-cables-gatekeeper:buildcache \
+              --cache-to type=registry,ref=registry.infra.mintel.me/mintel/klz-cables-gatekeeper:buildcache,mode=max \
+              --push ./gatekeeper
+          else
+            echo "⏩ Skipping build, just re-tagging existing image..."
+            # Fast-track: tag the latest (or buildcache) as the new version
+            # We use buildx with cache but without rebuild triggers - it's near instant
+            docker buildx build \
+              --platform linux/arm64 \
+              -t registry.infra.mintel.me/mintel/klz-cables-gatekeeper:$IMAGE_TAG \
+              --cache-from type=registry,ref=registry.infra.mintel.me/mintel/klz-cables-gatekeeper:buildcache \
+              --push ./gatekeeper
+          fi


  # ──────────────────────────────────────────────────────────────────────────────
@@ -223,7 +271,7 @@ jobs:
  # ──────────────────────────────────────────────────────────────────────────────
  deploy:
    name: 🚀 Deploy
-    needs: [prepare, build, qa]
+    needs: [prepare, build-app, build-gatekeeper, qa]
    if: ${{ needs.prepare.outputs.target != 'skip' }}
    runs-on: docker
    env: