From 9ca04db34eb9d1a1510ff1a9ae74f223fd9bd51e Mon Sep 17 00:00:00 2001
From: Niklas Fiekas
Date: Wed, 28 Jan 2026 23:12:27 +0100
Subject: [PATCH 1/2] build: retire legacy ci in favor of container build
---
 .github/workflows/ci.yml | 58 ------------------------------------
 .github/workflows/docker.yml | 10 +++++--
 Dockerfile | 31 ++++++-------------
 lila-push.service | 12 --------
 lila-push.socket | 9 ------
 5 files changed, 17 insertions(+), 103 deletions(-)
 delete mode 100644 .github/workflows/ci.yml
 delete mode 100644 lila-push.service
 delete mode 100644 lila-push.socket
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index b66a3b0..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,58 +0,0 @@ -name: CI - -on: - push: - pull_request: - workflow_dispatch: - inputs: - environment: - description: Target environment for deployment - required: true - type: choice - options: - - rubik - -jobs: - build: - runs-on: ubuntu-20.04 # matching rubik - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable - - run: cargo build --release - - uses: actions/upload-artifact@v4 - with: - name: lila-push - path: target/release/lila-push - deploy: - runs-on: ubuntu-latest - environment: - name: ${{ inputs.environment }} - concurrency: - group: ${{ inputs.environment }} - needs: build - if: github.event_name == 'workflow_dispatch' - steps: - - uses: actions/download-artifact@v4 - with: - name: lila-push - - name: Configure SSH - run: | - mkdir -p ~/.ssh - touch ~/.ssh/id_deploy - chmod 600 ~/.ssh/id_deploy - echo "$SSH_KEY" > ~/.ssh/id_deploy - echo "$SSH_HOST $SSH_HOST_KEY" > ~/.ssh/known_hosts - cat >>~/.ssh/config < /usr/local/bin/lila-push && chmod +x /usr/local/bin/lila-push && systemctl restart lila-push"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c345242..7b9dc63 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,6 +3,7 @@ name: Build and Push Container
 on:
 push:
 branches: [main]
+ pull_request:
 workflow_dispatch:
 inputs:
 tag:
@@ -26,7 +27,7 @@ jobs:
 packages: write
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Set tag
 id: tag
@@ -44,9 +45,14 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
 - name: Build and push
 uses: docker/build-push-action@v6
 with:
 context: .
- push: true
+ push: ${{ github.event_name == 'push' }}
 tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index 5c6565d..9dc78ed 100644
--- a/Dockerfile
+++ b/Dockerfile
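Review bot: The `pull_request:` trigger added in the first docker.yml hunk makes the whole job run for pull requests, including the registry login whose `password: ${{ secrets.GITHUB_TOKEN }}` line appears as context in the third hunk, although nothing is pushed for that event. Adding `if: github.event_name != 'pull_request'` to the login step would keep registry credentials out of runs that build a pull request's own Dockerfile. The login step's header and the rest of the `on:` block are outside the hunks, so this rests on the visible context lines only.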
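Review bot: The new `docker/setup-buildx-action@v3` step in the third docker.yml hunk, like `actions/checkout@v6` in the second, is referenced by a movable tag in a job that carries `packages: write` and publishes the image. Pinning to a full commit SHA with the version as a trailing comment, `uses: docker/setup-buildx-action@<FULL_COMMIT_SHA> # v3`, fixes the code that runs with that token and makes updates reviewable. A short comment above `cache-to: type=gha,mode=max` saying that `mode=max` exports the layers of every build stage, not only the final image, would help the next reader judge what ends up in the Actions cache.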
@@ -1,38 +1,25 @@
 # syntax=docker/dockerfile:1
-# Based on https://depot.dev/docs/container-builds/optimal-dockerfiles/rust-dockerfile
-
-FROM rust:1 AS build
+FROM rust:1-trixie AS chef
 RUN cargo install cargo-chef --locked
-
 WORKDIR /app
-COPY Cargo.toml Cargo.lock ./
-COPY src ./src
-
-RUN cargo chef prepare --recipe-path recipe.json
-
-RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \
- --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \
- cargo chef cook --release --recipe-path recipe.json
-
+FROM chef AS planner
 COPY . .
+RUN cargo chef prepare
-RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \
- --mount=type=cache,target=/usr/local/cargo/git,sharing=locked \
- cargo build --release --bin lila-push
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release
+COPY . .
+RUN cargo build --release
 FROM debian:trixie-slim AS runtime
-
 RUN apt-get update && \
 apt-get install -y --no-install-recommends ca-certificates && \
 rm -rf /var/lib/apt/lists/*
-
 RUN groupadd -g 1001 lichess && \
 useradd -u 1001 -g lichess -m -d /home/lichess -s /bin/bash lichess
-
-COPY --from=build --chown=lichess:lichess /app/target/release/lila-push /usr/local/bin/lila-push
+COPY --from=builder --chown=lichess:lichess /app/target/release/lila-push /usr/local/bin/lila-push
 USER lichess
-
 ENTRYPOINT ["/usr/local/bin/lila-push"]
diff --git a/lila-push.service b/lila-push.service
deleted file mode 100644
index 48543e8..0000000
--- a/lila-push.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Web push server
-After=network.target
-
-[Service]
-Environment=PUSH_LOG=lila_push=info
-ExecStart=/usr/local/bin/lila-push --bind 172.16.0.28:9054 --vapid /etc/lila-push.pem --vapid-subject mailto:contact@lichess.org
-PrivateDevices=true
-ProtectSystem=strict
-CapabilityBoundingSet=
-NoNewPrivileges=true
-Restart=always
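Review bot: The builder stage's new `RUN cargo build --release` in the Dockerfile hunk runs without `--locked`, so a `Cargo.lock` that has drifted from `Cargo.toml` is silently re-resolved to other dependency versions during the image build; `RUN cargo build --release --locked` turns that into a hard failure. The chef stage likewise installs whichever cargo-chef release is current at build time, and `RUN cargo install cargo-chef --locked --version <PINNED_VERSION>` would fix the tool version. Because the planner and builder stages both do `COPY . .` and the workflow exports every stage with `cache-to: type=gha,mode=max`, it is worth confirming that a `.dockerignore` (not visible in this patch) keeps `.git`, `target` and any local key material out of the build context.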
diff --git a/lila-push.socket b/lila-push.socket
deleted file mode 100644
index 690b703..0000000
--- a/lila-push.socket
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Web push socket
-BindToDevice=sys-subsystem-net-devices-eth1.device
-
-[Socket]
-ListenStream=172.16.0.28:9054
-
-[Install]
-WantedBy=sockets.target
From 3f3fe4b6c113d408ebea97f29b71b281d6219fcc Mon Sep 17 00:00:00 2001
From: Niklas Fiekas
Date: Wed, 28 Jan 2026 23:23:17 +0100
Subject: [PATCH 2/2] build: also push container for workflow_dispatch builds
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 7b9dc63..d1dd1de 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -52,7 +52,7 @@ jobs:
 uses: docker/build-push-action@v6
 with:
 context: .
- push: ${{ github.event_name == 'push' }}
+ push: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
 tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
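Review bot: With `workflow_dispatch` added to the `push:` expression in the second patch, a manual run started from any branch publishes an image under the tag derived from the dispatch input (`inputs:` / `tag:` is visible as context in the first patch), so code that never reached `main` could replace a tag that deployments pull. If dispatch builds are meant for `main` only, `push: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') }}` expresses that; otherwise a protected `environment:` on the job gives the same control through required reviewers. The `Set tag` step that produces `steps.tag.outputs.tag` lies outside the hunk, so how the input is validated cannot be checked from here.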