Adriano/Cerbero-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: validate-config job + cache registry-based
ci / ruff lint (push) Has been cancelled
Details
ci / mypy mcp_common (push) Has been cancelled
Details
ci / pytest (push) Has been cancelled
Details
ci / validate compose + Caddyfile (push) Has been cancelled
Details
ci / build & push to registry (push) Has been cancelled
Details

Browse Source 
- Nuovo job validate-config: docker compose -f docker-compose.{yml,prod.yml}
  config -q (verifica sintassi YAML + variabili env) + caddy validate
  --config Caddyfile (sintassi gateway).
- build-and-push ora needs anche validate-config: niente push image se
  compose o Caddyfile sono rotti.
- Cache Docker buildx passata da type=gha (richiede backend cache server
  Gitea Actions configurato) a type=registry,ref=<prefix>/buildcache:<name>
  che usa il registry stesso come storage cache. Funziona out-of-the-box,
  niente setup extra.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
AdrianoDev
2026-04-28 23:02:17 +02:00
parent c251fda886
commit 65641a7de8
1 changed files with 54 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/ci.yml
+54 -32
View File
@@ -16,10 +16,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install uv - name: Install uv
run: curl -LsSf https://astral.sh/uv/install.sh | sh run: curl -LsSf https://astral.sh/uv/install.sh | sh
- name: Cache uv - name: Cache uv
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
@@ -27,10 +25,8 @@ jobs:
key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
restore-keys: | restore-keys: |
uv-${{ runner.os }}- uv-${{ runner.os }}-
- name: Install deps - name: Install deps
run: $HOME/.local/bin/uv sync --frozen --group dev run: $HOME/.local/bin/uv sync --frozen --group dev
- name: Ruff check - name: Ruff check
run: $HOME/.local/bin/uv run ruff check services/ run: $HOME/.local/bin/uv run ruff check services/
@@ -39,22 +35,17 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install uv - name: Install uv
run: curl -LsSf https://astral.sh/uv/install.sh | sh run: curl -LsSf https://astral.sh/uv/install.sh | sh
- name: Cache uv - name: Cache uv
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: ~/.cache/uv path: ~/.cache/uv
key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
- name: Install deps - name: Install deps
run: $HOME/.local/bin/uv sync --frozen --group dev run: $HOME/.local/bin/uv sync --frozen --group dev
- name: Mypy on mcp_common (gating) - name: Mypy on mcp_common (gating)
run: $HOME/.local/bin/uv run mypy services/common/src/mcp_common run: $HOME/.local/bin/uv run mypy services/common/src/mcp_common
- name: Mypy on services (warn-only) - name: Mypy on services (warn-only)
run: $HOME/.local/bin/uv run mypy services/ || true run: $HOME/.local/bin/uv run mypy services/ || true
@@ -63,26 +54,57 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install uv - name: Install uv
run: curl -LsSf https://astral.sh/uv/install.sh | sh run: curl -LsSf https://astral.sh/uv/install.sh | sh
- name: Cache uv - name: Cache uv
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: ~/.cache/uv path: ~/.cache/uv
key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
- name: Install deps - name: Install deps
run: $HOME/.local/bin/uv sync --frozen --group dev run: $HOME/.local/bin/uv sync --frozen --group dev
- name: Pytest full suite - name: Pytest full suite
run: $HOME/.local/bin/uv run pytest services/ -v --tb=short run: $HOME/.local/bin/uv run pytest services/ --tb=short
validate-config:
name: validate compose + Caddyfile
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate dev compose
run: docker compose -f docker-compose.yml config -q
- name: Validate prod compose
run: docker compose -f docker-compose.prod.yml config -q
env:
ACME_EMAIL: test@example.com
WRITE_ALLOWLIST: "127.0.0.1/32"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build gateway image (local, no push)
uses: docker/build-push-action@v6
with:
context: ./gateway
file: gateway/Dockerfile
tags: cerbero-gateway:validate
load: true
- name: Validate Caddyfile syntax
run: |
docker run --rm \
-v "$PWD/gateway/Caddyfile:/etc/caddy/Caddyfile:ro" \
-e ACME_EMAIL=test@example.com \
-e WRITE_ALLOWLIST="127.0.0.1/32" \
cerbero-gateway:validate \
caddy validate --config /etc/caddy/Caddyfile
build-and-push: build-and-push:
name: build & push to registry name: build & push to registry
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [lint, test] needs: [lint, test, validate-config]
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
permissions: permissions:
packages: write packages: write
@@ -103,15 +125,15 @@ jobs:
id: meta id: meta
run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Build base image (cache only, not pushed) - name: Build base image (load to local daemon)
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
file: docker/base.Dockerfile file: docker/base.Dockerfile
tags: cerbero-base:latest tags: cerbero-base:latest
load: true load: true
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:base
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:base,mode=max
- name: Build & push gateway - name: Build & push gateway
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -122,8 +144,8 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/gateway:latest ${{ env.IMAGE_PREFIX }}/gateway:latest
${{ env.IMAGE_PREFIX }}/gateway:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/gateway:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:gateway
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:gateway,mode=max
- name: Build & push mcp-deribit - name: Build & push mcp-deribit
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -135,8 +157,8 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/mcp-deribit:latest ${{ env.IMAGE_PREFIX }}/mcp-deribit:latest
${{ env.IMAGE_PREFIX }}/mcp-deribit:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/mcp-deribit:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-deribit
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-deribit,mode=max
- name: Build & push mcp-bybit - name: Build & push mcp-bybit
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -148,8 +170,8 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/mcp-bybit:latest ${{ env.IMAGE_PREFIX }}/mcp-bybit:latest
${{ env.IMAGE_PREFIX }}/mcp-bybit:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/mcp-bybit:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-bybit
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-bybit,mode=max
- name: Build & push mcp-hyperliquid - name: Build & push mcp-hyperliquid
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -161,8 +183,8 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/mcp-hyperliquid:latest ${{ env.IMAGE_PREFIX }}/mcp-hyperliquid:latest
${{ env.IMAGE_PREFIX }}/mcp-hyperliquid:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/mcp-hyperliquid:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-hyperliquid
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-hyperliquid,mode=max
- name: Build & push mcp-alpaca - name: Build & push mcp-alpaca
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -174,8 +196,8 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/mcp-alpaca:latest ${{ env.IMAGE_PREFIX }}/mcp-alpaca:latest
${{ env.IMAGE_PREFIX }}/mcp-alpaca:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/mcp-alpaca:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-alpaca
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-alpaca,mode=max
- name: Build & push mcp-macro - name: Build & push mcp-macro
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -187,8 +209,8 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/mcp-macro:latest ${{ env.IMAGE_PREFIX }}/mcp-macro:latest
${{ env.IMAGE_PREFIX }}/mcp-macro:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/mcp-macro:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-macro
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-macro,mode=max
- name: Build & push mcp-sentiment - name: Build & push mcp-sentiment
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -200,5 +222,5 @@ jobs:
tags: | tags: |
${{ env.IMAGE_PREFIX }}/mcp-sentiment:latest ${{ env.IMAGE_PREFIX }}/mcp-sentiment:latest
${{ env.IMAGE_PREFIX }}/mcp-sentiment:sha-${{ steps.meta.outputs.sha }} ${{ env.IMAGE_PREFIX }}/mcp-sentiment:sha-${{ steps.meta.outputs.sha }}
cache-from: type=gha cache-from: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-sentiment
cache-to: type=gha,mode=max cache-to: type=registry,ref=${{ env.IMAGE_PREFIX }}/buildcache:mcp-sentiment,mode=max