fix(cd): drop matrix in favor of single-job loop

.gitea/workflows/cd.yaml

@@ -10,51 +10,8 @@ env:
   REPO: juwan
 
 jobs:
-  discover:
-    runs-on: ubuntu-latest
-    outputs:
-      targets: ${{ steps.list.outputs.targets }}
-      short_sha: ${{ steps.list.outputs.short_sha }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - id: list
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "short_sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
-
-          python3 - <<'PY' >> "$GITHUB_OUTPUT"
-          import json, os
-          NAME_OVERRIDE = {
-              "users":              ("users",              "user"),
-              "user_verifications": ("user_verifications", "user-verifications"),
-          }
-          STATEFULSETS = {"snowflake-rpc": "snowflake"}
-          targets = []
-          for svc in sorted(os.listdir("app")):
-              svc_dir = f"app/{svc}"
-              if not os.path.isdir(svc_dir):
-                  continue
-              for sub in sorted(os.listdir(svc_dir)):
-                  d = f"{svc_dir}/{sub}"
-                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
-                      continue
-                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
-                  image    = f"{img_pre}-{sub}"
-                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
-                  targets.append(f"{image}|{d}|{workload}")
-          print("targets=" + json.dumps(targets))
-          PY
-
   build:
-    needs: discover
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      max-parallel: 1
-      matrix:
-        target: ${{ fromJson(needs.discover.outputs.targets) }}
     steps:
       - uses: actions/checkout@v4
 
@@ -68,16 +25,38 @@ jobs:
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
-      - name: Build and push
+      - name: Build and push all
         shell: bash
         env:
           REGISTRY: ${{ env.REGISTRY }}
           REPO: ${{ env.REPO }}
-          TARGET: ${{ matrix.target }}
-          SHA_TAG: ${{ needs.discover.outputs.short_sha }}
         run: |
           set -euo pipefail
-          IFS='|' read -r image dir _workload <<< "$TARGET"
+          SHA_TAG="${GITHUB_SHA::7}"
+
+          python3 - >/tmp/targets <<'PY'
+          import os
+          NAME_OVERRIDE = {
+              "users":              ("users",              "user"),
+              "user_verifications": ("user_verifications", "user-verifications"),
+          }
+          STATEFULSETS = {"snowflake-rpc": "snowflake"}
+          for svc in sorted(os.listdir("app")):
+              svc_dir = f"app/{svc}"
+              if not os.path.isdir(svc_dir):
+                  continue
+              for sub in sorted(os.listdir(svc_dir)):
+                  d = f"{svc_dir}/{sub}"
+                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
+                      continue
+                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
+                  image    = f"{img_pre}-{sub}"
+                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
+                  print(f"{image}|{d}|{workload}")
+          PY
+
+          while IFS='|' read -r image dir _workload; do
+            echo "::group::Build $image"
             entry=$(grep -l "package main" "$dir"/*.go | head -n1)
             cfg=$(basename "$(find "$dir/etc" -maxdepth 1 -name '*.yaml' | head -n1)" 2>/dev/null || echo config.yaml)
             cat > Dockerfile.build <<EOF
@@ -109,11 +88,15 @@ jobs:
               --cache-to "type=registry,ref=$CACHE,mode=max" \
               --push \
               .
+            echo "::endgroup::"
+          done < /tmp/targets
 
   rollout:
-    needs: [discover, build]
+    needs: build
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v4
+
       - name: Install kubectl
         run: |
           curl -sLo /usr/local/bin/kubectl \
@@ -125,22 +108,36 @@ jobs:
           REGISTRY: ${{ env.REGISTRY }}
           REPO: ${{ env.REPO }}
           KUBECONFIG_B64: ${{ secrets.K01_KUBECONFIG }}
-          SHA_TAG: ${{ needs.discover.outputs.short_sha }}
-          TARGETS: ${{ needs.discover.outputs.targets }}
         shell: bash
         run: |
           set -euo pipefail
           mkdir -p ~/.kube
           echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
           chmod 600 ~/.kube/config
+          SHA_TAG="${GITHUB_SHA::7}"
 
-          python3 <<'PY'
-          import json, subprocess, os
+          python3 - <<PY
+          import os, subprocess
+          NAME_OVERRIDE = {
+              "users":              ("users",              "user"),
+              "user_verifications": ("user_verifications", "user-verifications"),
+          }
+          STATEFULSETS = {"snowflake-rpc": "snowflake"}
           reg = os.environ["REGISTRY"] + "/" + os.environ["REPO"]
-          for t in json.loads(os.environ["TARGETS"]):
-              image, _, workload = t.split("|")
+          sha = "$SHA_TAG"
+          for svc in sorted(os.listdir("app")):
+              svc_dir = f"app/{svc}"
+              if not os.path.isdir(svc_dir):
+                  continue
+              for sub in sorted(os.listdir(svc_dir)):
+                  d = f"{svc_dir}/{sub}"
+                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
+                      continue
+                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
+                  image    = f"{img_pre}-{sub}"
+                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
                   kind = "statefulset" if workload == "snowflake" else "deployment"
-              ref  = f"{reg}/{image}:{os.environ['SHA_TAG']}"
+                  ref  = f"{reg}/{image}:{sha}"
                   cmd  = ["kubectl","-n","juwan","set","image",f"{kind}/{workload}",f"{image}={ref}"]
                   print(" ".join(cmd))
                   subprocess.run(cmd, check=False)