Homelab/.forgejo/workflows/deploy.yml

name: CD - Deploy Infrastructure

on:
  push:
    branches:
      - main
  workflow_dispatch:  # Allow manual trigger

jobs:
  # Run CI first
  ci:
    uses: ./.forgejo/workflows/ci.yml
    secrets: inherit

  # Deploy infrastructure in parallel
  deploy-pve1:
    name: Deploy on pve1
    runs-on: self-hosted
    needs: ci
    continue-on-error: true
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Terraform Apply on pve1
        run: |
          cd terraform/pve1
          cat > terraform.tfvars <<EOF
          proxmox_token_id      = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret  = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key        = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token         = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url      = "${{ secrets.FORGEJO_REPO_URL }}"
          k3s_version           = "v1.28.5+k3s1"
          ubuntu_template       = "ubuntu-2404-cloudinit"
          storage_pool          = "linstor_storage"
          snippets_storage      = "local"
          k3s_network_bridge    = "k3s"
          k3s_gateway           = "10.100.20.1"
          k3s_dns               = ["10.100.20.1", "1.1.1.1"]
          k3s_server_1_config   = { ip = "10.100.20.10/24", cores = 6, memory = 12288, disk_size = "100G" }
          EOF
          tofu init
          tofu apply -auto-approve

  deploy-pve2:
    name: Deploy on pve2
    runs-on: self-hosted
    needs: ci
    continue-on-error: true
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Terraform Apply on pve2
        run: |
          cd terraform/pve2
          cat > terraform.tfvars <<EOF
          proxmox_token_id      = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret  = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key        = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token         = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url      = "${{ secrets.FORGEJO_REPO_URL }}"
          k3s_version           = "v1.28.5+k3s1"
          ubuntu_template       = "ubuntu-2404-cloudinit"
          storage_pool          = "linstor_storage"
          snippets_storage      = "local"
          k3s_network_bridge    = "k3s"
          k3s_gateway           = "10.100.20.1"
          k3s_dns               = ["10.100.20.1", "1.1.1.1"]
          k3s_server_2_config   = { ip = "10.100.20.20/24", cores = 6, memory = 12288, disk_size = "100G" }
          EOF
          tofu init
          tofu apply -auto-approve

  deploy-pve3:
    name: Deploy on pve3
    runs-on: self-hosted
    needs: ci
    continue-on-error: true
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Terraform Apply on pve3
        run: |
          cd terraform/pve3
          cat > terraform.tfvars <<EOF
          proxmox_token_id      = "${{ secrets.PROXMOX_TOKEN_ID }}"
          proxmox_token_secret  = "${{ secrets.PROXMOX_TOKEN_SECRET }}"
          ssh_public_key        = "${{ secrets.SSH_PUBLIC_KEY }}"
          forgejo_token         = "${{ secrets.FORGEJO_TOKEN }}"
          forgejo_repo_url      = "${{ secrets.FORGEJO_REPO_URL }}"
          k3s_version           = "v1.28.5+k3s1"
          ubuntu_template       = "ubuntu-2404-cloudinit"
          storage_pool          = "linstor_storage"
          snippets_storage      = "local"
          k3s_network_bridge    = "k3s"
          k3s_gateway           = "10.100.20.1"
          k3s_dns               = ["10.100.20.1", "1.1.1.1"]
          etcd_witness_config   = { ip = "10.100.20.30/24", cores = 2, memory = 2048, disk_size = "20G" }
          EOF
          tofu init
          tofu apply -auto-approve

  # Validate cluster after deployment
  validate-cluster:
    name: Validate K3s Cluster
    runs-on: self-hosted
    needs: [deploy-pve1, deploy-pve2, deploy-pve3]
    if: |
      always() &&
      github.ref == 'refs/heads/main' &&
      (
        (needs.deploy-pve1.result == 'success' && needs.deploy-pve2.result == 'success') ||
        (needs.deploy-pve1.result == 'success' && needs.deploy-pve3.result == 'success') ||
        (needs.deploy-pve2.result == 'success' && needs.deploy-pve3.result == 'success')
      )
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Wait for K3s cluster
        run: |
          echo "Waiting for K3s cluster to be ready..."
          sleep 300  # Wait 5 minutes for ansible-pull to configure K3s
      - name: Check cluster status (optional)
        run: |
          echo "Cluster validation completed"
        continue-on-error: true

  # Notify on completion
  notify:
    name: Deployment Notification
    runs-on: self-hosted
    needs: [deploy-pve1, deploy-pve2, deploy-pve3, validate-cluster]
    if: always()
    steps:
      - name: Deployment Summary
        run: |
          echo "=== Deployment Summary ==="
          echo "pve1 (k3s-server-1): ${{ needs.deploy-pve1.result }}"
          echo "pve2 (k3s-server-2): ${{ needs.deploy-pve2.result }}"
          echo "pve3 (etcd-witness):  ${{ needs.deploy-pve3.result }}"
          echo "Cluster validation:  ${{ needs.validate-cluster.result }}"
          echo ""

          # Count successful deployments
          success_count=0
          [ "${{ needs.deploy-pve1.result }}" == "success" ] && ((success_count++))
          [ "${{ needs.deploy-pve2.result }}" == "success" ] && ((success_count++))
          [ "${{ needs.deploy-pve3.result }}" == "success" ] && ((success_count++))

          echo "Nodes deployed: $success_count/3"

          if [ $success_count -ge 2 ]; then
            echo "SUCCESS: HA maintained - Quorum achieved ($success_count/3 nodes)"
            exit 0
          elif [ $success_count -eq 1 ]; then
            echo "WARNING: Only 1 node deployed - No HA"
            exit 1
          else
            echo "CRITICAL: No nodes deployed"
            exit 1
          fi