Skip to content

feat: Add deployment with Portainer #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mpetrun5 merged 10 commits into from
Oct 10, 2025
Merged

feat: Add deployment with Portainer #74

mpetrun5 merged 10 commits into from
Oct 10, 2025

Conversation

@akandic47
Copy link

@akandic47 akandic47 commented Oct 8, 2025

Description

Related Issue Or Context

Closes: #

How Has This Been Tested? Testing details.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation

Checklist:

  • I have commented my code, particularly in hard-to-understand areas.
  • I have ensured that all acceptance criteria (or expected behavior) from issue are met
  • I have updated the documentation locally and in docs.
  • I have added tests to cover my changes.
  • I have ensured that all the checks are passing and green, I've signed the CLA bot

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 8, 2025
View reviewed changes
.github/workflows/deploy-portainer-staging.yml
Comment on lines 23 to 99
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event.inputs.image_version }}
runs-on:
group: portainer-deployment
# environment: staging

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
clean: true

- name: Check if stack exists in Portainer
id: check_stack
env:
PORTAINER_URL: ${{ secrets.PORTAINER_URL }}
PORTAINER_API_TOKEN: ${{ secrets.PORTAINER_API_TOKEN }}
run: |
RESPONSE=$(curl -s -H "X-API-Key: ${{ secrets.PORTAINER_API_TOKEN }}" "${{ secrets.PORTAINER_URL }}/api/stacks")
STACK_ID=$(echo "$RESPONSE" | jq -r --arg name "$STACK_NAME" '.[] | select(.Name == $name) | .Id')

if [ -n "$STACK_ID" ]; then
echo "Stack exists. ID: $STACK_ID"
echo "exists=true" >> $GITHUB_OUTPUT
echo "stack_id=$STACK_ID" >> $GITHUB_OUTPUT
else
echo "Stack does not exist."
echo "exists=false" >> $GITHUB_OUTPUT
fi

- name: Render docker-compose.yml with envsubst
env:
DOCKER_COMPOSE_PATH: ./deploy/docker-compose.staging.yml
# export here all secrets used in the docker-compose environment
SIGNING_IMAGE_VERSION: ${{ github.event.inputs.image_version || 'latest' }}
CONFIG_1_FULL: ${{ secrets.CONFIG_1_FULL }}
CONFIG_2_FULL: ${{ secrets.CONFIG_2_FULL }}
CONFIG_3_FULL: ${{ secrets.CONFIG_3_FULL }}
KEYSHARE_1: ${{ secrets.KEYSHARE_1 }}
KEYSHARE_2: ${{ secrets.KEYSHARE_2}}
KEYSHARE_3: ${{ secrets.KEYSHARE_3 }}
run: |
envsubst < ${DOCKER_COMPOSE_PATH} > docker-compose.rendered.yml
echo "Rendered docker-compose"

- name: Deploy stack (create or update)
env:
PORTAINER_URL: ${{ secrets.PORTAINER_URL }}
PORTAINER_API_TOKEN: ${{ secrets.PORTAINER_API_TOKEN }}
run: |
ESCAPED_COMPOSE=$(cat docker-compose.rendered.yml | jq -Rs .)
STACK_EXISTS="${{ steps.check_stack.outputs.exists }}"
STACK_ID="${{ steps.check_stack.outputs.stack_id }}"

if [ "$STACK_EXISTS" = "true" ]; then
echo "Updating existing stack with ID: $STACK_ID"

echo "{\"stackFileContent\": $ESCAPED_COMPOSE, \"prune\": true, \"pullImage\": true, \"env\": []}" > payload.json

curl -s -X PUT "$PORTAINER_URL/api/stacks/$STACK_ID?endpointId=$PORTAINER_ENDPOINT_ID" \
-H "X-API-Key: $PORTAINER_API_TOKEN" \
-H "Content-Type: application/json" \
-d @payload.json \
--fail
else
echo "Creating new stack: $STACK_NAME"

echo "{\"name\": \"$STACK_NAME\", \"fromAppTemplate\": false, \"stackFileContent\": $ESCAPED_COMPOSE, \"env\": []}" > payload.json
cat payload.json
curl -v -s -X POST "$PORTAINER_URL/api/stacks/create/standalone/string?endpointId=$PORTAINER_ENDPOINT_ID" \
-H "X-API-Key: $PORTAINER_API_TOKEN" \
-H "Content-Type: application/json" \
-d @payload.json \
--fail
fi

- name: Cleanup
run: rm -rf docker-compose.rendered.yml payload.json

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 months ago

To fix the issue, explicitly add a permissions block with the minimal privilege required to the workflow file. You can place this block at the top of the workflow YAML (after name: and before on:) to apply the permission settings globally for all jobs within the workflow, or inside individual jobs if different jobs require distinct permissions. In this case, the workflow does not need to write to contents, issues, or pull requests—so contents: read is the correct, minimal starting setting. Add the permissions: stanza after line 1 and before the on: block (current line 5). No imports or other definition changes are necessary; simply the addition of a YAML block at the right place.

Suggested changeset 1
.github/workflows/deploy-portainer-staging.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/deploy-portainer-staging.yml b/.github/workflows/deploy-portainer-staging.yml
--- a/.github/workflows/deploy-portainer-staging.yml
+++ b/.github/workflows/deploy-portainer-staging.yml
@@ -1,5 +1,8 @@
 name: Deploy to staging
 
+permissions:
+  contents: read
+
 run-name: Deploy Sprinter signing with Portainer to staging - ${{ github.event.inputs.image_version || 'latest' }} by @${{ github.actor }}
 
 on:
EOF
@@ -1,5 +1,8 @@
name: Deploy to staging

permissions:
contents: read

run-name: Deploy Sprinter signing with Portainer to staging - ${{ github.event.inputs.image_version || 'latest' }} by @${{ github.actor }}

on:
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions
Copy link

github-actions bot commented Oct 9, 2025

Go Test coverage is 54.9 %\ ✨ ✨ ✨

@github-actions
Copy link

github-actions bot commented Oct 9, 2025

Go Test coverage is 54.9 %\ ✨ ✨ ✨

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 9, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Oct 9, 2025

Go Test coverage is 54.9 %\ ✨ ✨ ✨

@akandic47 akandic47 changed the title feat: Add deployment with Portainer | wip feat: Add deployment with Portainer Oct 9, 2025
@github-actions
Copy link

github-actions bot commented Oct 9, 2025

Go Test coverage is 54.9 %\ ✨ ✨ ✨

mpetrun5
mpetrun5 previously approved these changes Oct 9, 2025
View reviewed changes
@mpetrun5 mpetrun5 merged commit a1ce255 into main Oct 10, 2025
6 of 7 checks passed
@mpetrun5 mpetrun5 deleted the feat/add-portainer-deployments branch October 10, 2025 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mpetrun5 mpetrun5 mpetrun5 approved these changes

@tcar121293 tcar121293 Awaiting requested review from tcar121293 tcar121293 is a code owner

@MakMuftic MakMuftic Awaiting requested review from MakMuftic MakMuftic is a code owner

@nmlinaric nmlinaric Awaiting requested review from nmlinaric

@mpetrunic mpetrunic Awaiting requested review from mpetrunic mpetrunic is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akandic47 @mpetrun5