Merge pull request 'Release' (#381) from main into release
All checks were successful
release-image / semantic-release (push) Successful in 1m24s
release-image / guarddog (push) Successful in 16s
release-image / build (push) Successful in 2m5s
release-image / release-harbor (push) Successful in 6m15s
release-image / release-gitea (push) Successful in 4m56s
All checks were successful
release-image / semantic-release (push) Successful in 1m24s
release-image / guarddog (push) Successful in 16s
release-image / build (push) Successful in 2m5s
release-image / release-harbor (push) Successful in 6m15s
release-image / release-gitea (push) Successful in 4m56s
Reviewed-on: #381
This commit was merged in pull request #381.
This commit is contained in:
@@ -1,224 +0,0 @@
|
||||
name: release-image-gitea
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
semantic-release:
|
||||
runs-on: ubuntu-js
|
||||
outputs:
|
||||
new_release_published: ${{ steps.semantic.outputs.new_release_published }}
|
||||
new_release_version: ${{ steps.semantic.outputs.new_release_version }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Bun
|
||||
uses: oven-sh/setup-bun@v2
|
||||
with:
|
||||
bun-version: 1.3.10
|
||||
|
||||
- name: Run Semantic Release
|
||||
id: semantic
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
run: |
|
||||
bunx semantic-release
|
||||
|
||||
build:
|
||||
needs: semantic-release
|
||||
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }}
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: release
|
||||
|
||||
- name: Set up Bun
|
||||
uses: oven-sh/setup-bun@v2
|
||||
with:
|
||||
bun-version: 1.3.10
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 24.14.0
|
||||
|
||||
- name: Install Dependencies
|
||||
run: bun install --frozen-lockfile
|
||||
|
||||
- name: Cache Astro Build Cache
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
.astro
|
||||
node_modules/.vite
|
||||
key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-astro-
|
||||
|
||||
- name: Lint Code
|
||||
run: bun run lint
|
||||
|
||||
- name: Build Project
|
||||
run: bun run build
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Test Failure - Site Profile'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'During release tests failed for building Site Profile'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-gitea.yml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
guarddog:
|
||||
needs: semantic-release
|
||||
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }}
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: release
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v6
|
||||
with:
|
||||
python-version: '3.12'
|
||||
|
||||
- name: Install GuardDog
|
||||
run: |
|
||||
python3 -m pip install --upgrade pip
|
||||
python3 -m pip install guarddog
|
||||
|
||||
- name: Run GuardDog
|
||||
run: |
|
||||
guarddog npm scan ./
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Security Failure - Site Profile'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'During release guarddog scan failed for Site Profile'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-gitea.yml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
needs: [build, guarddog, semantic-release]
|
||||
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: release
|
||||
|
||||
- name: Login to Gitea Registry
|
||||
uses: docker/login-action@v4
|
||||
with:
|
||||
registry: ${{ vars.REPOSITORY_HOST }}
|
||||
username: ${{ gitea.actor }}
|
||||
password: ${{ secrets.REPOSITORY_TOKEN }}
|
||||
|
||||
- name: Login to Docker
|
||||
uses: docker/login-action@v4
|
||||
with:
|
||||
registry: ${{ vars.DH_REGISTRY }}
|
||||
username: ${{ secrets.DH_USERNAME }}
|
||||
password: ${{ secrets.DH_TOKEN }}
|
||||
|
||||
- name: Create Kubeconfig
|
||||
run: |
|
||||
mkdir $HOME/.kube
|
||||
echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v4
|
||||
with:
|
||||
driver: kubernetes
|
||||
driver-opts: |
|
||||
namespace=gitea
|
||||
qemu.install=true
|
||||
buildkitd-config-inline: |
|
||||
[registry."docker.io"]
|
||||
mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
|
||||
|
||||
- name: Available Platforms
|
||||
run: echo ${{ steps.buildx.outputs.platforms }}
|
||||
|
||||
- name: Extract Metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v6
|
||||
with:
|
||||
tags: |
|
||||
type=ref,event=branch
|
||||
type=ref,event=tag
|
||||
type=sha,format=long
|
||||
type=semver,pattern={{version}}
|
||||
type=semver,pattern={{major}}.{{minor}}
|
||||
type=semver,pattern={{major}}
|
||||
images: |
|
||||
${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
|
||||
|
||||
- name: Build and Push Image
|
||||
uses: docker/build-push-action@v7
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APP_VERSION=${{ needs.semantic-release.outputs.new_release_version }}
|
||||
COMMIT_SHA=${{ github.sha }}
|
||||
IS_RELEASE=true
|
||||
file: ./Dockerfile
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - Site Profile'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Image for Site Profile has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - Site Profile'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Image for Site Profile has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -1,224 +0,0 @@
|
||||
name: release-image-harbor
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
semantic-release:
|
||||
runs-on: ubuntu-js
|
||||
outputs:
|
||||
new_release_published: ${{ steps.semantic.outputs.new_release_published }}
|
||||
new_release_version: ${{ steps.semantic.outputs.new_release_version }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Bun
|
||||
uses: oven-sh/setup-bun@v2
|
||||
with:
|
||||
bun-version: 1.3.10
|
||||
|
||||
- name: Run Semantic Release
|
||||
id: semantic
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
run: |
|
||||
bunx semantic-release
|
||||
|
||||
build:
|
||||
needs: semantic-release
|
||||
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }}
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: release
|
||||
|
||||
- name: Set up Bun
|
||||
uses: oven-sh/setup-bun@v2
|
||||
with:
|
||||
bun-version: 1.3.10
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 24.14.0
|
||||
|
||||
- name: Install Dependencies
|
||||
run: bun install --frozen-lockfile
|
||||
|
||||
- name: Cache Astro Build Cache
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
.astro
|
||||
node_modules/.vite
|
||||
key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-astro-
|
||||
|
||||
- name: Lint Code
|
||||
run: bun run lint
|
||||
|
||||
- name: Build Project
|
||||
run: bun run build
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Test Failure - Site Profile'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'During release tests failed for building Site Profile'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-harbor.yml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
guarddog:
|
||||
needs: semantic-release
|
||||
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }}
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: release
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v6
|
||||
with:
|
||||
python-version: '3.12'
|
||||
|
||||
- name: Install GuardDog
|
||||
run: |
|
||||
python3 -m pip install --upgrade pip
|
||||
python3 -m pip install guarddog
|
||||
|
||||
- name: Run GuardDog
|
||||
run: |
|
||||
guarddog npm scan ./
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Security Failure - Site Profile'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'During release guarddog scan failed for Site Profile'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-harbor.yml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
needs: [build, guarddog, semantic-release]
|
||||
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: release
|
||||
|
||||
- name: Login to Harbor Registry
|
||||
uses: docker/login-action@v4
|
||||
with:
|
||||
registry: ${{ vars.REGISTRY_HOST }}
|
||||
username: ${{ vars.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_SECRET }}
|
||||
|
||||
- name: Login to Docker
|
||||
uses: docker/login-action@v4
|
||||
with:
|
||||
registry: ${{ vars.DH_REGISTRY }}
|
||||
username: ${{ secrets.DH_USERNAME }}
|
||||
password: ${{ secrets.DH_TOKEN }}
|
||||
|
||||
- name: Create Kubeconfig
|
||||
run: |
|
||||
mkdir $HOME/.kube
|
||||
echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v4
|
||||
with:
|
||||
driver: kubernetes
|
||||
driver-opts: |
|
||||
namespace=gitea
|
||||
qemu.install=true
|
||||
buildkitd-config-inline: |
|
||||
[registry."docker.io"]
|
||||
mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
|
||||
|
||||
- name: Available Platforms
|
||||
run: echo ${{ steps.buildx.outputs.platforms }}
|
||||
|
||||
- name: Extract Metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v6
|
||||
with:
|
||||
tags: |
|
||||
type=ref,event=branch
|
||||
type=ref,event=tag
|
||||
type=sha,format=long
|
||||
type=semver,pattern={{version}}
|
||||
type=semver,pattern={{major}}.{{minor}}
|
||||
type=semver,pattern={{major}}
|
||||
images: |
|
||||
${{ vars.REGISTRY_HOST }}/images/site-profile
|
||||
|
||||
- name: Build and Push Image
|
||||
uses: docker/build-push-action@v7
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
platforms: linux/amd64
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APP_VERSION=${{ needs.semantic-release.outputs.new_release_version }}
|
||||
COMMIT_SHA=${{ github.sha }}
|
||||
IS_RELEASE=true
|
||||
file: ./Dockerfile
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - Site Profile'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Image for Site Profile has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - Site Profile'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Image for Site Profile has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -11,9 +11,9 @@ jobs:
|
||||
semantic-release:
|
||||
runs-on: ubuntu-js
|
||||
outputs:
|
||||
new-release-published: ${{ steps.semantic-release.outputs.new-release-published }}
|
||||
new-release-version: ${{ steps.semantic-release.outputs.new-release-version }}
|
||||
new-release-git-tag: ${{ steps.semantic-release.outputs.new-release-git-tag }}
|
||||
new-release-published: ${{ steps.semantic.outputs.new-release-published }}
|
||||
new-release-version: ${{ steps.semantic.outputs.new-release-version }}
|
||||
new-release-git-tag: ${{ steps.semantic.outputs.new-release-git-tag }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
Reference in New Issue
Block a user