From 99032f7a62a88bd8310a0eacfa2ab03c17ed9685 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 12 Mar 2026 12:59:16 -0500 Subject: [PATCH] feat: add automation to release using release-please in workflows --- .gitea/workflows/release-image-gitea.yml | 84 +++++++++++++++++++++-- .gitea/workflows/release-image-harbor.yml | 84 +++++++++++++++++++++-- CHANGELOG.md | 0 Dockerfile | 7 +- 4 files changed, 161 insertions(+), 14 deletions(-) create mode 100644 CHANGELOG.md diff --git a/.gitea/workflows/release-image-gitea.yml b/.gitea/workflows/release-image-gitea.yml index bc0ffe1..797597a 100644 --- a/.gitea/workflows/release-image-gitea.yml +++ b/.gitea/workflows/release-image-gitea.yml @@ -2,14 +2,33 @@ name: release-image-gitea on: push: - tags: - - 3.* + branches: + - main - workflow_dispatch: + pull_request: + branches: + - main jobs: + release-please: + runs-on: ubuntu-js + outputs: + release_created: ${{ steps.release.outputs.release_created }} + tag_name: ${{ steps.release.outputs.tag_name }} + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Release Please + uses: googleapis/release-please-action@v4 + id: release + with: + release-type: node + target-branch: main + build: runs-on: ubuntu-js + needs: release-please steps: - name: Checkout uses: actions/checkout@v6 
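Review bot: The `Release Please` step in the new `release-please` job of release-image-gitea.yml has no event guard, so it also runs on every `pull_request` against `main`, where nothing should be opening release PRs or tagging. Adding `if: ${{ github.event_name == 'push' }}` to that step, rather than to the job, keeps `build` and `guarddog` (which `needs: release-please`) running on PRs while leaving the outputs empty there. The identical job is added in the first hunk of release-image-harbor.yml, so each push to `main` runs release-please twice. The run that loses that race will probably report `release_created` as unset, and its registry would then get no image. A single workflow that creates the release once and fans out to both registry pushes would avoid this.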
@@ -43,14 +62,66 @@ jobs: - name: Build Project run: bun run build - release: + - name: ntfy Failed + uses: niniyas/ntfy-action@master + if: failure() + with: + url: '${{ secrets.NTFY_URL }}' + topic: '${{ secrets.NTFY_TOPIC }}' + title: 'Test Failure - Site Profile' + priority: 4 + headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' + tags: action,failed + details: 'During release tests failed for building Site Profile' + icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' + actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-gitea.yml", "clear": true}]' + image: true + + guarddog: runs-on: ubuntu-js - needs: build + needs: release-please steps: - name: Checkout uses: actions/checkout@v6 - - name: Login to Registry + - name: Set up Python + uses: actions/setup-python@v6 + with: + python-version: '3.12' + + - name: Install GuardDog + run: | + python3 -m pip install --upgrade pip + python3 -m pip install guarddog + + - name: Run GuardDog + run: | + guarddog npm scan ./ + + - name: ntfy Failed + uses: niniyas/ntfy-action@master + if: failure() + with: + url: '${{ secrets.NTFY_URL }}' + topic: '${{ secrets.NTFY_TOPIC }}' + title: 'Security Failure - Site Profile' + priority: 4 + headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' + tags: action,failed + details: 'During release guarddog scan failed for Site Profile' + icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' + actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-gitea.yml", "clear": true}]' + image: true + + release: + runs-on: ubuntu-js + needs: [build, guarddog] + if: ${{ needs.release-please.outputs.release_created }} + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Login to Gitea Registry uses: docker/login-action@v4 with: registry: ${{ 
vars.REPOSITORY_HOST }} @@ -118,6 +189,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | + APP_VERSION=${{ needs.release-please.outputs.tag_name }} VERSION=${{ steps.version.outputs.version }} COMMIT_SHA=${{ steps.version.outputs.commit }} IS_RELEASE=${{ steps.version.outputs.is_release }} diff --git a/.gitea/workflows/release-image-harbor.yml b/.gitea/workflows/release-image-harbor.yml index 26fdee2..2d67999 100644 --- a/.gitea/workflows/release-image-harbor.yml +++ b/.gitea/workflows/release-image-harbor.yml @@ -2,14 +2,33 @@ name: release-image-harbor on: push: - tags: - - 3.* + branches: + - main - workflow_dispatch: + pull_request: + branches: + - main jobs: + release-please: + runs-on: ubuntu-js + outputs: + release_created: ${{ steps.release.outputs.release_created }} + tag_name: ${{ steps.release.outputs.tag_name }} + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Release Please + uses: googleapis/release-please-action@v4 + id: release + with: + release-type: node + target-branch: main + build: runs-on: ubuntu-js + needs: release-please steps: - name: Checkout uses: actions/checkout@v6 
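Review bot: In the second hunk of release-image-gitea.yml, the `ntfy Failed` steps added to `build` and `guarddog` pass `secrets.NTFY_URL`, `secrets.NTFY_TOPIC` and the `NTFY_CRED` bearer token to `niniyas/ntfy-action@master`, a third-party action referenced by a mutable branch, in a workflow that now also triggers on `pull_request`; pin it to a reviewed commit, `uses: niniyas/ntfy-action@<FULL_COMMIT_SHA>`. The `guarddog` job is meant to gate `release`, but as far as I know `guarddog npm scan` exits 0 even when it reports findings unless `--exit-non-zero-on-finding` is given, so the step should read `guarddog npm scan ./ --exit-non-zero-on-finding`. If the intent is to vet dependencies rather than the repository's own source, `guarddog npm verify package.json` looks like the closer fit, and `python3 -m pip install guarddog` would be better pinned to a known version. The same steps appear in the second hunk of release-image-harbor.yml. The `build` job starts above this hunk and the `release` job continues past its end.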
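Review bot: In the third hunk of release-image-gitea.yml, `APP_VERSION=${{ needs.release-please.outputs.tag_name }}` reads the `needs` context for a job that is not a direct dependency, because the `release` job added in the previous hunk declares `needs: [build, guarddog]` without `release-please`. On GitHub-compatible runners `needs.<job>` exposes only direct dependencies, so this expression and the job's `if: ${{ needs.release-please.outputs.release_created }}` would both evaluate to empty, which would skip the release or build it with a blank version; this is worth confirming on the Gitea runner. The change I would make is `needs: [release-please, build, guarddog]`. The same applies to the third hunk of release-image-harbor.yml, and the step that holds `build-args` starts outside this hunk, so I am assuming it is still inside `release`.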
@@ -43,14 +62,66 @@ jobs: - name: Build Project run: bun run build - release: + - name: ntfy Failed + uses: niniyas/ntfy-action@master + if: failure() + with: + url: '${{ secrets.NTFY_URL }}' + topic: '${{ secrets.NTFY_TOPIC }}' + title: 'Test Failure - Site Profile' + priority: 4 + headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' + tags: action,failed + details: 'During release tests failed for building Site Profile' + icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' + actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-harbor.yml", "clear": true}]' + image: true + + guarddog: runs-on: ubuntu-js - needs: build + needs: release-please steps: - name: Checkout uses: actions/checkout@v6 - - name: Login to Registry + - name: Set up Python + uses: actions/setup-python@v6 + with: + python-version: '3.12' + + - name: Install GuardDog + run: | + python3 -m pip install --upgrade pip + python3 -m pip install guarddog + + - name: Run GuardDog + run: | + guarddog npm scan ./ + + - name: ntfy Failed + uses: niniyas/ntfy-action@master + if: failure() + with: + url: '${{ secrets.NTFY_URL }}' + topic: '${{ secrets.NTFY_TOPIC }}' + title: 'Security Failure - Site Profile' + priority: 4 + headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' + tags: action,failed + details: 'During release guarddog scan failed for Site Profile' + icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' + actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image-harbor.yml", "clear": true}]' + image: true + + release: + runs-on: ubuntu-js + needs: [build, guarddog] + if: ${{ needs.release-please.outputs.release_created }} + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Login to Harbor Registry uses: docker/login-action@v4 with: registry: ${{ 
vars.REGISTRY_HOST }} @@ -118,6 +189,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | + APP_VERSION=${{ needs.release-please.outputs.tag_name }} VERSION=${{ steps.version.outputs.version }} COMMIT_SHA=${{ steps.version.outputs.commit }} IS_RELEASE=${{ steps.version.outputs.is_release }} diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..e69de29 diff --git a/Dockerfile b/Dockerfile index e645f3a..6293599 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,11 +20,14 @@ WORKDIR /app COPY --from=prod-deps /app/node_modules /app/node_modules COPY --from=build /app/dist /app/dist -LABEL version="3.6.0" -LABEL description="Astro based personal website" +ARG APP_VERSION=latest +ARG APP_VERSION ENV HOST=0.0.0.0 ENV PORT=4321 +LABEL version=$APP_VERSION +LABEL description="Astro based personal website" + EXPOSE $PORT CMD ["bun", "run", "./dist/server/entry.mjs"]
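Review bot: In the Dockerfile hunk, `ARG APP_VERSION` is declared twice in a row in the same stage, first as `ARG APP_VERSION=latest` and then bare; the second line adds nothing here and should be dropped so the default is stated exactly once. Both workflows always pass `APP_VERSION=...`, and an explicitly empty build-arg overrides the default, so when `tag_name` is empty I would expect the image to be labelled with a blank version rather than `latest`. Quoting the label as `LABEL version="${APP_VERSION}"` keeps the instruction well-formed whatever value arrives. The stage this hunk belongs to starts above the hunk.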