alo-cluster/.gitea/workflows/deploy-nomad.yaml

# ABOUTME: Reusable workflow for building Nix Docker images and deploying to Nomad.
# ABOUTME: Called by service repos with: uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master

name: Deploy to Nomad

on:
  workflow_call:
    inputs:
      service_name:
        required: true
        type: string
        description: "Nomad job name (must match job ID in services/*.hcl)"
      flake_output:
        required: false
        type: string
        default: "dockerImage"
        description: "Flake output to build (default: dockerImage)"
      registry:
        required: false
        type: string
        default: "gitea.v.paler.net"
        description: "Container registry hostname"
    secrets:
      REGISTRY_USERNAME:
        required: true
      REGISTRY_PASSWORD:
        required: true
      NOMAD_ADDR:
        required: true

jobs:
  build-and-deploy:
    runs-on: nix
    steps:
      - uses: actions/checkout@v4

      - name: Build Docker image
        run: |
          echo "Building .#${{ inputs.flake_output }}..."
          nix build ".#${{ inputs.flake_output }}" --out-link result

      - name: Push to registry
        run: |
          echo "Pushing to ${{ inputs.registry }}/alo/${{ inputs.service_name }}:latest..."
          skopeo copy \
            --dest-creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" \
            --insecure-policy \
            docker-archive:result \
            "docker://${{ inputs.registry }}/alo/${{ inputs.service_name }}:latest"

      - name: Deploy to Nomad
        env:
          NOMAD_ADDR: ${{ secrets.NOMAD_ADDR }}
          SERVICE: ${{ inputs.service_name }}
        run: |
          echo "Deploying $SERVICE to Nomad..."

          # Fetch current job, update UUID to force deployment
          JOB=$(curl -sS "$NOMAD_ADDR/v1/job/$SERVICE")
          NEW_UUID=$(cat /proc/sys/kernel/random/uuid)
          echo "New deployment UUID: $NEW_UUID"
          UPDATED_JOB=$(echo "$JOB" | jq --arg uuid "$NEW_UUID" '.Meta.uuid = $uuid')

          # Submit updated job
          RESULT=$(echo "{\"Job\": $UPDATED_JOB}" | curl -sS -X POST "$NOMAD_ADDR/v1/jobs" \
            -H "Content-Type: application/json" -d @-)
          echo "Submit result: $RESULT"

          # Monitor deployment
          sleep 3
          DEPLOY_ID=$(curl -sS "$NOMAD_ADDR/v1/job/$SERVICE/deployments" | jq -r '.[0].ID')
          echo "Deployment ID: $DEPLOY_ID"

          if [ "$DEPLOY_ID" = "null" ]; then
            echo "ERROR: No deployment created. Ensure job has 'update' stanza with 'auto_revert = true'"
            exit 1
          fi

          echo "Monitoring deployment..."
          for i in $(seq 1 30); do
            STATUS=$(curl -sS "$NOMAD_ADDR/v1/deployment/$DEPLOY_ID" | jq -r '.Status')
            echo "[$i/30] Deployment status: $STATUS"
            case $STATUS in
              successful)
                echo "Deployment successful!"
                exit 0
                ;;
              failed|cancelled)
                echo "Deployment failed or cancelled"
                exit 1
                ;;
            esac
            sleep 10
          done
          echo "Timeout waiting for deployment"
          exit 1