alexlebens/site-documentation
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 1 Activity

ci: use semantic release, release branch, and merge release workflows

Browse Source
This commit is contained in:
Alex Lebens
2026-03-12 15:50:58 -05:00
parent 4ef43534a0
commit 47e5938bf7
7 changed files with 397 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
.gitea/workflows/release-image-gitea.yml
View File

@@ -1,136 +0,0 @@
name: release-image-gitea
on:
push:
tags:
- 0.*
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-js
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up pnpm
uses: pnpm/action-setup@v4
with:
version: 10.x
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: 24.14.0
cache: pnpm
- name: Install Dependencies
run: pnpm install
# - name: Lint Code
# run: pnpm lint
- name: Build Project
run: pnpm build
release:
runs-on: ubuntu-js
needs: build
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Login to Registry
uses: docker/login-action@v4
with:
registry: ${{ vars.REPOSITORY_HOST }}
username: ${{ gitea.actor }}
password: ${{ secrets.REPOSITORY_TOKEN }}
- name: Create Kubeconfig
run: |
mkdir $HOME/.kube
echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v4
with:
driver: kubernetes
driver-opts: |
namespace=gitea
qemu.install=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
- name: Available Platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Extract Metadata
id: meta
uses: docker/metadata-action@v6
with:
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha,format=long
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
images: |
${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
- name: Get Version Info
id: version
run: |
echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
if git describe --tags --exact-match HEAD 2>/dev/null; then
echo "is_release=true" >> $GITHUB_OUTPUT
else
echo "is_release=false" >> $GITHUB_OUTPUT
fi
- name: Build and Push Image
uses: docker/build-push-action@v7
with:
context: .
push: true
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VERSION=${{ steps.version.outputs.version }}
COMMIT_SHA=${{ steps.version.outputs.commit }}
IS_RELEASE=${{ steps.version.outputs.is_release }}
file: ./Dockerfile
- name: ntfy Success
uses: niniyas/ntfy-action@master
if: success()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Success - Site Documentation'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: 'Image for Site Documentation has been released!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Failure - Site Documentation'
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: 'Image for Site Documentation has failed to be released.'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
image: true

136
.gitea/workflows/release-image-harbor.yml
View File

@@ -1,136 +0,0 @@
name: release-image-harbor
on:
push:
tags:
- 0.*
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-js
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up pnpm
uses: pnpm/action-setup@v4
with:
version: 10.x
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: 24.14.0
cache: pnpm
- name: Install Dependencies
run: pnpm install
# - name: Lint Code
# run: pnpm lint
- name: Build Project
run: pnpm build
release:
runs-on: ubuntu-js
needs: build
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Login to Registry
uses: docker/login-action@v4
with:
registry: ${{ vars.REGISTRY_HOST }}
username: ${{ vars.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_SECRET }}
- name: Create Kubeconfig
run: |
mkdir $HOME/.kube
echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v4
with:
driver: kubernetes
driver-opts: |
namespace=gitea
qemu.install=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
- name: Available Platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Extract Metadata
id: meta
uses: docker/metadata-action@v6
with:
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha,format=long
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
images: |
${{ vars.REGISTRY_HOST }}/images/site-documentation
- name: Get Version Info
id: version
run: |
echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
if git describe --tags --exact-match HEAD 2>/dev/null; then
echo "is_release=true" >> $GITHUB_OUTPUT
else
echo "is_release=false" >> $GITHUB_OUTPUT
fi
- name: Build and Push Image
uses: docker/build-push-action@v7
with:
context: .
push: true
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VERSION=${{ steps.version.outputs.version }}
COMMIT_SHA=${{ steps.version.outputs.commit }}
IS_RELEASE=${{ steps.version.outputs.is_release }}
file: ./Dockerfile
- name: ntfy Success
uses: niniyas/ntfy-action@master
if: success()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Success - Site Documentation'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: 'Image for Site Documentation has been released!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Failure - Site Documentation'
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: 'Image for Site Documentation has failed to be released.'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
image: true

340
.gitea/workflows/release-image.yaml Normal file
View File

@@ -0,0 +1,340 @@
name: release-image
on:
push:
branches:
- release
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-js
steps:
- name: Checkout
uses: actions/checkout@v6
with:
ref: release
- name: Set up Node
uses: actions/setup-node@v6
with:
node-version: 24.14.0
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: 1.3.10
- name: Install Dependencies
run: bun install --frozen-lockfile
- name: Cache Astro Build Cache
uses: actions/cache@v5
with:
path: |
.astro
node_modules/.vite
key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
restore-keys: |
${{ runner.os }}-astro-
# - name: Lint Code
# run: bun run lint
- name: Build Project
run: bun run build
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Test Failure - Site Documentation'
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: 'During release tests failed for building Site Documentation'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
image: true
guarddog:
runs-on: ubuntu-js
steps:
- name: Checkout
uses: actions/checkout@v6
with:
ref: release
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Install GuardDog
run: |
python3 -m pip install --upgrade pip
python3 -m pip install guarddog
- name: Run GuardDog
run: |
guarddog npm scan ./
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Security Failure - Site Documentation'
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: 'During release guarddog scan failed for Site Documentation'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
image: true
semantic-release:
needs: [ build, guarddog ]
runs-on: ubuntu-js
outputs:
new-release-published: ${{ steps.semantic.outputs.new-release-published }}
new-release-version: ${{ steps.semantic.outputs.new-release-version }}
new-release-git-tag: ${{ steps.semantic.outputs.new-release-git-tag }}
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
token: ${{ secrets.BOT_TOKEN }}
- name: Set up Node
uses: actions/setup-node@v6
with:
node-version: 24.14.0
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: 1.3.10
- name: Install Dependencies
run: bun install --frozen-lockfile
- name: Run Semantic Release
id: semantic
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
NODE_PATH: ${{ github.workspace }}/node_modules
run: |
bun run semantic-release
release-harbor:
runs-on: ubuntu-js
needs: semantic-release
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@v6
with:
ref: release
- name: Login to Harbor Registry
uses: docker/login-action@v4
with:
registry: ${{ vars.REGISTRY_HOST }}
username: ${{ vars.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_SECRET }}
- name: Login to Docker
uses: docker/login-action@v4
with:
registry: ${{ vars.DH_REGISTRY }}
username: ${{ secrets.DH_USERNAME }}
password: ${{ secrets.DH_TOKEN }}
- name: Create Kubeconfig
run: |
mkdir $HOME/.kube
echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v4
with:
driver: kubernetes
driver-opts: |
namespace=gitea
qemu.install=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
- name: Available Platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Extract Metadata
id: meta
uses: docker/metadata-action@v6
with:
images: |
${{ vars.REGISTRY_HOST }}/images/site-documentation
tags: |
type=ref,event=branch
type=sha,format=long
type=raw,value=latest,enable=${{ needs.semantic-release.outputs.new-release-published == 'true' }}
type=semver,pattern={{version}},value=${{ needs.semantic-release.outputs.new-release-version }}
type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic-release.outputs.new-release-version }}
type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
- name: Build and Push Image
uses: docker/build-push-action@v7
with:
context: .
push: true
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
APP_VERSION=${{ needs.semantic-release.outputs.new-release-version }}
COMMIT_SHA=${{ github.sha }}
IS_RELEASE=true
file: ./Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
- name: ntfy Success
uses: niniyas/ntfy-action@master
if: success()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Success - Site Documentation'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: 'Harbor Image for Site Documentation has been released!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Failure - Site Documentation'
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: 'Harbor Image for Site Documentation has failed to be released.'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
image: true
release-gitea:
runs-on: ubuntu-js
needs: [ semantic-release, release-harbor ]
if: |
always() &&
needs.semantic-release.outputs.new-release-published == 'true'
steps:
- name: Checkout
uses: actions/checkout@v6
with:
ref: release
- name: Login to Gitea Registry
uses: docker/login-action@v4
with:
registry: ${{ vars.REPOSITORY_HOST }}
username: ${{ gitea.actor }}
password: ${{ secrets.REPOSITORY_TOKEN }}
- name: Login to Docker
uses: docker/login-action@v4
with:
registry: ${{ vars.DH_REGISTRY }}
username: ${{ secrets.DH_USERNAME }}
password: ${{ secrets.DH_TOKEN }}
- name: Create Kubeconfig
run: |
mkdir $HOME/.kube
echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v4
with:
driver: kubernetes
driver-opts: |
namespace=gitea
qemu.install=true
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
- name: Available Platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Extract Metadata
id: meta
uses: docker/metadata-action@v6
with:
images: |
${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
tags: |
type=ref,event=branch
type=sha,format=long
type=raw,value=latest,enable=${{ needs.semantic-release.outputs.new-release-published == 'true' }}
type=semver,pattern={{version}},value=${{ needs.semantic-release.outputs.new-release-version }}
type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic-release.outputs.new-release-version }}
type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
- name: Build and Push Image
uses: docker/build-push-action@v7
with:
context: .
push: true
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
APP_VERSION=${{ needs.semantic-release.outputs.new-release-version }}
COMMIT_SHA=${{ github.sha }}
IS_RELEASE=true
file: ./Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
- name: ntfy Success
uses: niniyas/ntfy-action@master
if: success()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Success - Site Documentation'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: 'Gitea Image for Site Documentation has been released!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Release Failure - Site Documentation'
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: 'Gitea Image for Site Documentation has failed to be released.'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
image: true

32
.gitea/workflows/test-build.yaml
View File

@@ -4,6 +4,9 @@ on:
push: push:
branches: branches:
- main - main
paths-ignore:
- '.gitea/workflows/**'
- '**.md'
pull_request: pull_request:
branches: branches:
@@ -16,25 +19,34 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@v6
- name: Set up pnpm - name: Set up Node
uses: pnpm/action-setup@v4
with:
version: 10.x
- name: Set up Node.js
uses: actions/setup-node@v6 uses: actions/setup-node@v6
with: with:
node-version: 24.14.0 node-version: 24.14.0
cache: pnpm
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: 1.3.10
- name: Install Dependencies - name: Install Dependencies
run: pnpm install run: bun install --frozen-lockfile
- name: Cache Astro Build Cache
uses: actions/cache@v5
with:
path: |
.astro
node_modules/.vite
key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
restore-keys: |
${{ runner.os }}-astro-
# - name: Lint Code # - name: Lint Code
# run: pnpm lint # run: bun run lint
- name: Build Project - name: Build Project
run: pnpm build run: bun run build
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@master uses: niniyas/ntfy-action@master

18
.releaserc.json Normal file
View File

@@ -0,0 +1,18 @@
{
"branches": ["release"],
"tagFormat": "${version}",
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@semantic-release/changelog",
"semantic-release-export-data",
["@semantic-release/npm", { "npmPublish": false }],
["@semantic-release/git", {
"assets": ["package.json", "CHANGELOG.md"],
"message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
}],
["@saithodev/semantic-release-gitea", {
"giteaUrl": "https://gitea.alexlebens.dev"
}]
]
}

0
CHANGELOG.md Normal file
View File

34
Dockerfile
View File

@@ -1,35 +1,35 @@
ARG REGISTRY=docker.io ARG REGISTRY=dhi.io
FROM ${REGISTRY}/node:24.14.0-alpine AS base FROM ${REGISTRY}/bun:1.3.10-debian13-dev AS builder
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN corepack enable
WORKDIR /app WORKDIR /app
COPY package.json pnpm-lock.yaml ./ COPY package.json bun.lock ./
FROM base AS prod-deps FROM builder AS prod-deps
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile RUN --mount=type=cache,id=bun,target=/root/.bun/install/cache \
bun install --production --frozen-lockfile
FROM prod-deps AS build-deps FROM builder AS build-deps
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile RUN --mount=type=cache,id=bun,target=/root/.bun/install/cache \
bun install --frozen-lockfile
FROM build-deps AS build FROM build-deps AS build
COPY . . COPY . .
RUN pnpm run build RUN bun run build
RUN pnpm prune --prod
FROM base AS runtime FROM ${REGISTRY}/bun:1.3.10-alpine3.22 AS runtime
WORKDIR /app
COPY --from=prod-deps /app/node_modules /app/node_modules COPY --from=prod-deps /app/node_modules /app/node_modules
COPY --from=build /app/dist /app/dist COPY --from=build /app/dist /app/dist
ARG APP_VERSION=latest
ARG APP_VERSION
ENV HOST=0.0.0.0 ENV HOST=0.0.0.0
ENV SITE_URL=https://docs.alexlebens.dev
ENV PORT=4321 ENV PORT=4321
LABEL version="0.1.7" LABEL version=$APP_VERSION
LABEL description="Astro based documentation website" LABEL description="Astro based documentation website"
EXPOSE $PORT EXPOSE $PORT
CMD ["node", "./dist/server/entry.mjs"] CMD ["bun", "run", "./dist/server/entry.mjs"]