Homelab/.forgejo/workflows/deploy.yml

name: CD - Deploy Infrastructure

on:
  push:
    branches:
      - main
  workflow_dispatch:  # Allow manual trigger

jobs:
  # Run CI first
  ci:
    uses: ./.forgejo/workflows/ci.yml
    secrets: inherit

  # Deploy infrastructure in parallel
  deploy-pve1:
    name: Deploy on pve1
    runs-on: self-hosted
    needs: ci
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Terraform Apply on pve1
        run: |
          cd terraform/pve1
          cat > terraform.tfvars <<EOF
          proxmox_token_id      = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret  = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key        = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token         = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url      = "${{ secrets.FORGEJO_REPO_URL }}"
          k3s_version           = "v1.28.5+k3s1"
          ubuntu_template       = "ubuntu-2204-cloudinit"
          storage_pool          = "local-lvm"
          snippets_storage      = "local"
          k3s_network_bridge    = "k3s"
          k3s_gateway           = "10.100.20.1"
          k3s_dns               = ["10.100.20.1", "1.1.1.1"]
          k3s_server_1_config   = { ip = "10.100.20.10/24", cores = 6, memory = 12288, disk_size = "100G" }
          EOF
          tofu init
          tofu apply -auto-approve

  deploy-pve2:
    name: Deploy on pve2
    runs-on: self-hosted
    needs: ci
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Terraform Apply on pve2
        run: |
          cd terraform/pve2
          cat > terraform.tfvars <<EOF
          proxmox_token_id      = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret  = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key        = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token         = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url      = "${{ secrets.FORGEJO_REPO_URL }}"
          k3s_version           = "v1.28.5+k3s1"
          ubuntu_template       = "ubuntu-2204-cloudinit"
          storage_pool          = "local-lvm"
          snippets_storage      = "local"
          k3s_network_bridge    = "k3s"
          k3s_gateway           = "10.100.20.1"
          k3s_dns               = ["10.100.20.1", "1.1.1.1"]
          k3s_server_2_config   = { ip = "10.100.20.20/24", cores = 6, memory = 12288, disk_size = "100G" }
          EOF
          tofu init
          tofu apply -auto-approve

  deploy-pve3:
    name: Deploy on pve3
    runs-on: self-hosted
    needs: ci
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Terraform Apply on pve3
        run: |
          cd terraform/pve3
          cat > terraform.tfvars <<EOF
          proxmox_token_id      = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret  = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key        = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token         = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url      = "${{ secrets.FORGEJO_REPO_URL }}"
          k3s_version           = "v1.28.5+k3s1"
          ubuntu_template       = "ubuntu-2204-cloudinit"
          storage_pool          = "local-lvm"
          snippets_storage      = "local"
          k3s_network_bridge    = "k3s"
          k3s_gateway           = "10.100.20.1"
          k3s_dns               = ["10.100.20.1", "1.1.1.1"]
          etcd_witness_config   = { ip = "10.100.20.30/24", cores = 2, memory = 2048, disk_size = "20G" }
          EOF
          tofu init
          tofu apply -auto-approve

  # Validate cluster after deployment
  validate-cluster:
    name: Validate K3s Cluster
    runs-on: self-hosted
    needs: [deploy-pve1, deploy-pve2, deploy-pve3]
    if: github.ref == 'refs/heads/main' && needs.deploy-pve1.result == 'success' && needs.deploy-pve2.result == 'success' && needs.deploy-pve3.result == 'success'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Wait for K3s cluster
        run: |
          echo "Waiting for K3s cluster to be ready..."
          sleep 300  # Wait 5 minutes for ansible-pull to configure K3s
      - name: Check cluster status (optional)
        run: |
          echo "Cluster validation completed"
        continue-on-error: true

  # Notify on completion
  notify:
    name: Deployment Notification
    runs-on: self-hosted
    needs: [deploy-pve1, deploy-pve2, deploy-pve3, validate-cluster]
    if: always()
    steps:
      - name: Deployment Summary
        run: |
          echo "Deployment completed!"
          echo "pve1 status: ${{ needs.deploy-pve1.result }}"
          echo "pve2 status: ${{ needs.deploy-pve2.result }}"
          echo "pve3 status: ${{ needs.deploy-pve3.result }}"
          echo "Validation: ${{ needs.validate-cluster.result }}"
feat: Commit initial 2025-11-07 09:33:38 +01:00			`name: CD - Deploy Infrastructure`

			`on:`
			`push:`
			`branches:`
			`- main`
			`workflow_dispatch: # Allow manual trigger`

			`jobs:`
			`# Run CI first`
			`ci:`
			`uses: ./.forgejo/workflows/ci.yml`
			`secrets: inherit`

			`# Deploy infrastructure in parallel`
			`deploy-pve1:`
			`name: Deploy on pve1`
			`runs-on: self-hosted`
			`needs: ci`
			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v4`
			`- name: Terraform Apply on pve1`
			`run: \|`
			`cd terraform/pve1`
			`cat > terraform.tfvars <<EOF`
			`proxmox_token_id = "${{ secrets.PROXMOX_TOKEN_ID }}"`
			`proxmox_token_secret = "${{ secrets.PROXMOX_TOKEN_SECRET }}"`
			`ssh_public_key = "${{ secrets.SSH_PUBLIC_KEY }}"`
			`forgejo_token = "${{ secrets.FORGEJO_TOKEN }}"`
			`forgejo_repo_url = "${{ secrets.FORGEJO_REPO_URL }}"`
			`k3s_version = "v1.28.5+k3s1"`
			`ubuntu_template = "ubuntu-2204-cloudinit"`
			`storage_pool = "local-lvm"`
			`snippets_storage = "local"`
			`k3s_network_bridge = "k3s"`
			`k3s_gateway = "10.100.20.1"`
			`k3s_dns = ["10.100.20.1", "1.1.1.1"]`
			`k3s_server_1_config = { ip = "10.100.20.10/24", cores = 6, memory = 12288, disk_size = "100G" }`
			`EOF`
			`tofu init`
			`tofu apply -auto-approve`

			`deploy-pve2:`
			`name: Deploy on pve2`
			`runs-on: self-hosted`
			`needs: ci`
			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v4`
			`- name: Terraform Apply on pve2`
			`run: \|`
			`cd terraform/pve2`
			`cat > terraform.tfvars <<EOF`
			`proxmox_token_id = "${{ secrets.PROXMOX_TOKEN_ID }}"`
			`proxmox_token_secret = "${{ secrets.PROXMOX_TOKEN_SECRET }}"`
			`ssh_public_key = "${{ secrets.SSH_PUBLIC_KEY }}"`
			`forgejo_token = "${{ secrets.FORGEJO_TOKEN }}"`
			`forgejo_repo_url = "${{ secrets.FORGEJO_REPO_URL }}"`
			`k3s_version = "v1.28.5+k3s1"`
			`ubuntu_template = "ubuntu-2204-cloudinit"`
			`storage_pool = "local-lvm"`
			`snippets_storage = "local"`
			`k3s_network_bridge = "k3s"`
			`k3s_gateway = "10.100.20.1"`
			`k3s_dns = ["10.100.20.1", "1.1.1.1"]`
			`k3s_server_2_config = { ip = "10.100.20.20/24", cores = 6, memory = 12288, disk_size = "100G" }`
			`EOF`
			`tofu init`
			`tofu apply -auto-approve`

			`deploy-pve3:`
			`name: Deploy on pve3`
			`runs-on: self-hosted`
			`needs: ci`
			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v4`
			`- name: Terraform Apply on pve3`
			`run: \|`
			`cd terraform/pve3`
			`cat > terraform.tfvars <<EOF`
			`proxmox_token_id = "${{ secrets.PROXMOX_TOKEN_ID }}"`
			`proxmox_token_secret = "${{ secrets.PROXMOX_TOKEN_SECRET }}"`
			`ssh_public_key = "${{ secrets.SSH_PUBLIC_KEY }}"`
			`forgejo_token = "${{ secrets.FORGEJO_TOKEN }}"`
			`forgejo_repo_url = "${{ secrets.FORGEJO_REPO_URL }}"`
			`k3s_version = "v1.28.5+k3s1"`
			`ubuntu_template = "ubuntu-2204-cloudinit"`
			`storage_pool = "local-lvm"`
			`snippets_storage = "local"`
			`k3s_network_bridge = "k3s"`
			`k3s_gateway = "10.100.20.1"`
			`k3s_dns = ["10.100.20.1", "1.1.1.1"]`
			`etcd_witness_config = { ip = "10.100.20.30/24", cores = 2, memory = 2048, disk_size = "20G" }`
			`EOF`
			`tofu init`
			`tofu apply -auto-approve`

			`# Validate cluster after deployment`
			`validate-cluster:`
			`name: Validate K3s Cluster`
			`runs-on: self-hosted`
			`needs: [deploy-pve1, deploy-pve2, deploy-pve3]`
			`if: github.ref == 'refs/heads/main' && needs.deploy-pve1.result == 'success' && needs.deploy-pve2.result == 'success' && needs.deploy-pve3.result == 'success'`
			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v4`
			`- name: Wait for K3s cluster`
			`run: \|`
			`echo "Waiting for K3s cluster to be ready..."`
			`sleep 300 # Wait 5 minutes for ansible-pull to configure K3s`
			`- name: Check cluster status (optional)`
			`run: \|`
			`echo "Cluster validation completed"`
			`continue-on-error: true`

			`# Notify on completion`
			`notify:`
			`name: Deployment Notification`
			`runs-on: self-hosted`
			`needs: [deploy-pve1, deploy-pve2, deploy-pve3, validate-cluster]`
			`if: always()`
			`steps:`
			`- name: Deployment Summary`
			`run: \|`
			`echo "Deployment completed!"`
			`echo "pve1 status: ${{ needs.deploy-pve1.result }}"`
			`echo "pve2 status: ${{ needs.deploy-pve2.result }}"`
			`echo "pve3 status: ${{ needs.deploy-pve3.result }}"`
			`echo "Validation: ${{ needs.validate-cluster.result }}"`