From d42333e5eb0292a1a1f3f8f83a711f34cb46056f Mon Sep 17 00:00:00 2001
From: zetaloop <zetaloop@outlook.com>
Date: Wed, 6 May 2026 20:40:05 +0800
Subject: [PATCH] fix(cd): drop matrix in favor of single-job loop

---
 .gitea/workflows/cd.yaml | 141 +++++++++++++++++++--------------------
 1 file changed, 69 insertions(+), 72 deletions(-)

diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index 92581e4..5f48ee7 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -10,51 +10,8 @@ env:
   REPO: juwan
 
 jobs:
-  discover:
-    runs-on: ubuntu-latest
-    outputs:
-      targets: ${{ steps.list.outputs.targets }}
-      short_sha: ${{ steps.list.outputs.short_sha }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - id: list
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "short_sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
-
-          python3 - <<'PY' >> "$GITHUB_OUTPUT"
-          import json, os
-          NAME_OVERRIDE = {
-              "users":              ("users",              "user"),
-              "user_verifications": ("user_verifications", "user-verifications"),
-          }
-          STATEFULSETS = {"snowflake-rpc": "snowflake"}
-          targets = []
-          for svc in sorted(os.listdir("app")):
-              svc_dir = f"app/{svc}"
-              if not os.path.isdir(svc_dir):
-                  continue
-              for sub in sorted(os.listdir(svc_dir)):
-                  d = f"{svc_dir}/{sub}"
-                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
-                      continue
-                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
-                  image    = f"{img_pre}-{sub}"
-                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
-                  targets.append(f"{image}|{d}|{workload}")
-          print("targets=" + json.dumps(targets))
-          PY
-
   build:
-    needs: discover
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      max-parallel: 1
-      matrix:
-        target: ${{ fromJson(needs.discover.outputs.targets) }}
     steps:
       - uses: actions/checkout@v4
 
@@ -68,19 +25,41 @@ jobs:
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
-      - name: Build and push
+      - name: Build and push all
         shell: bash
         env:
           REGISTRY: ${{ env.REGISTRY }}
           REPO: ${{ env.REPO }}
-          TARGET: ${{ matrix.target }}
-          SHA_TAG: ${{ needs.discover.outputs.short_sha }}
         run: |
           set -euo pipefail
-          IFS='|' read -r image dir _workload <<< "$TARGET"
-          entry=$(grep -l "package main" "$dir"/*.go | head -n1)
-          cfg=$(basename "$(find "$dir/etc" -maxdepth 1 -name '*.yaml' | head -n1)" 2>/dev/null || echo config.yaml)
-          cat > Dockerfile.build <<EOF
+          SHA_TAG="${GITHUB_SHA::7}"
+
+          python3 - >/tmp/targets <<'PY'
+          import os
+          NAME_OVERRIDE = {
+              "users":              ("users",              "user"),
+              "user_verifications": ("user_verifications", "user-verifications"),
+          }
+          STATEFULSETS = {"snowflake-rpc": "snowflake"}
+          for svc in sorted(os.listdir("app")):
+              svc_dir = f"app/{svc}"
+              if not os.path.isdir(svc_dir):
+                  continue
+              for sub in sorted(os.listdir(svc_dir)):
+                  d = f"{svc_dir}/{sub}"
+                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
+                      continue
+                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
+                  image    = f"{img_pre}-{sub}"
+                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
+                  print(f"{image}|{d}|{workload}")
+          PY
+
+          while IFS='|' read -r image dir _workload; do
+            echo "::group::Build $image"
+            entry=$(grep -l "package main" "$dir"/*.go | head -n1)
+            cfg=$(basename "$(find "$dir/etc" -maxdepth 1 -name '*.yaml' | head -n1)" 2>/dev/null || echo config.yaml)
+            cat > Dockerfile.build <<EOF
           FROM golang:1.25-alpine AS builder
           WORKDIR /build
           ENV CGO_ENABLED=0 GOOS=linux
@@ -99,21 +78,25 @@ jobs:
           COPY $dir/etc /app/etc
           CMD ["./main", "-f", "etc/$cfg"]
           EOF
-          IMAGE="$REGISTRY/$REPO/$image"
-          CACHE="$REGISTRY/$REPO/buildcache:$image"
-          docker buildx build \
-            --file Dockerfile.build \
-            --tag "$IMAGE:$SHA_TAG" \
-            --tag "$IMAGE:latest" \
-            --cache-from "type=registry,ref=$CACHE" \
-            --cache-to "type=registry,ref=$CACHE,mode=max" \
-            --push \
-            .
+            IMAGE="$REGISTRY/$REPO/$image"
+            CACHE="$REGISTRY/$REPO/buildcache:$image"
+            docker buildx build \
+              --file Dockerfile.build \
+              --tag "$IMAGE:$SHA_TAG" \
+              --tag "$IMAGE:latest" \
+              --cache-from "type=registry,ref=$CACHE" \
+              --cache-to "type=registry,ref=$CACHE,mode=max" \
+              --push \
+              .
+            echo "::endgroup::"
+          done < /tmp/targets
 
   rollout:
-    needs: [discover, build]
+    needs: build
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v4
+
       - name: Install kubectl
         run: |
           curl -sLo /usr/local/bin/kubectl \
@@ -125,23 +108,37 @@ jobs:
           REGISTRY: ${{ env.REGISTRY }}
           REPO: ${{ env.REPO }}
           KUBECONFIG_B64: ${{ secrets.K01_KUBECONFIG }}
-          SHA_TAG: ${{ needs.discover.outputs.short_sha }}
-          TARGETS: ${{ needs.discover.outputs.targets }}
         shell: bash
         run: |
           set -euo pipefail
           mkdir -p ~/.kube
           echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
           chmod 600 ~/.kube/config
+          SHA_TAG="${GITHUB_SHA::7}"
 
-          python3 <<'PY'
-          import json, subprocess, os
+          python3 - <<PY
+          import os, subprocess
+          NAME_OVERRIDE = {
+              "users":              ("users",              "user"),
+              "user_verifications": ("user_verifications", "user-verifications"),
+          }
+          STATEFULSETS = {"snowflake-rpc": "snowflake"}
           reg = os.environ["REGISTRY"] + "/" + os.environ["REPO"]
-          for t in json.loads(os.environ["TARGETS"]):
-              image, _, workload = t.split("|")
-              kind = "statefulset" if workload == "snowflake" else "deployment"
-              ref  = f"{reg}/{image}:{os.environ['SHA_TAG']}"
-              cmd  = ["kubectl","-n","juwan","set","image",f"{kind}/{workload}",f"{image}={ref}"]
-              print(" ".join(cmd))
-              subprocess.run(cmd, check=False)
+          sha = "$SHA_TAG"
+          for svc in sorted(os.listdir("app")):
+              svc_dir = f"app/{svc}"
+              if not os.path.isdir(svc_dir):
+                  continue
+              for sub in sorted(os.listdir(svc_dir)):
+                  d = f"{svc_dir}/{sub}"
+                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
+                      continue
+                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
+                  image    = f"{img_pre}-{sub}"
+                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
+                  kind = "statefulset" if workload == "snowflake" else "deployment"
+                  ref  = f"{reg}/{image}:{sha}"
+                  cmd  = ["kubectl","-n","juwan","set","image",f"{kind}/{workload}",f"{image}={ref}"]
+                  print(" ".join(cmd))
+                  subprocess.run(cmd, check=False)
           PY