ci: split push release/publish and harden workflows (#27)
### Added * Separate release from Docker/Helm publish * enrich releases with PR bodies when available * tighten release.sh validation and idempotency * trim PR docker-build metadata for act-runner stability Reviewed-on: #27 Co-authored-by: keligrubb <keligrubb324@gmail.com> Co-committed-by: keligrubb <keligrubb324@gmail.com>
This commit was merged in pull request #27.
@@ -79,7 +79,14 @@ jobs:
|
||||
|
||||
- name: Build (dry run)
|
||||
uses: https://git.keligrubb.com/actions/docker-build-push-action@v7
|
||||
env:
|
||||
# Keeps GITHUB_OUTPUT small; Gitea act-runner can choke on multiline
|
||||
# outputs when PR webhook payloads (e.g. Renovate bodies) are huge.
|
||||
DOCKER_BUILD_SUMMARY: "false"
|
||||
DOCKER_BUILD_RECORD_UPLOAD: "false"
|
||||
with:
|
||||
context: .
|
||||
push: false
|
||||
provenance: false
|
||||
sbom: false
|
||||
tags: ${{ steps.image.outputs.tag }}
|
||||
|
||||
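Review bot: `provenance: false` and `sbom: false` in the `with:` block of "Build (dry run)" carry no comment, while the two `DOCKER_BUILD_*` variables above them are explained. A one-line comment such as `# Dry run only (push: false): nothing is published, so no provenance/SBOM attestations are generated here.` would make it clear these settings are tied to the non-pushing build and should not be copied into the publishing workflow by habit. The page does not mark which lines the commit added, so this assumes those two inputs are new in this hunk.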
@@ -5,13 +5,25 @@ on:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
release-docker-helm:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: https://git.keligrubb.com/actions/checkout@v6
|
||||
with:
|
||||
token: ${{ secrets.KESTRELOS_REPO_TOKEN }}
|
||||
|
||||
- name: Get PR description for changelog
|
||||
env:
|
||||
GITEA_REPO_TOKEN: ${{ secrets.KESTRELOS_REPO_TOKEN }}
|
||||
run: |
|
||||
sudo rm -f /etc/apt/sources.list.d/microsoft*.list /etc/apt/sources.list.d/azure*.list 2>/dev/null || true
|
||||
sudo apt-get update -qq && sudo apt-get install -y -qq jq
|
||||
RESP=$(curl -sf -H "Authorization: token $GITEA_REPO_TOKEN" \
|
||||
"${{ github.server_url }}/api/v1/repos/${{ github.repository }}/commits/${{ github.sha }}/pull") || true
|
||||
if [ -n "$RESP" ]; then
|
||||
echo "$RESP" | jq -r '.body // empty' > .ci_pr_body 2>/dev/null || true
|
||||
fi
|
||||
|
||||
- name: Release (bump, tag, push, create release)
|
||||
env:
|
||||
CI_REPO_OWNER: ${{ github.actor }}
|
||||
@@ -20,9 +32,19 @@ jobs:
|
||||
CI_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
|
||||
GITEA_REPO_TOKEN: ${{ secrets.KESTRELOS_REPO_TOKEN }}
|
||||
run: |
|
||||
sudo rm -f /etc/apt/sources.list.d/microsoft*.list /etc/apt/sources.list.d/azure*.list 2>/dev/null || true
|
||||
sudo apt-get update -qq && sudo apt-get install -y -qq git wget
|
||||
./scripts/release.sh
|
||||
|
||||
publish:
|
||||
needs: release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: https://git.keligrubb.com/actions/checkout@v6
|
||||
with:
|
||||
ref: main
|
||||
token: ${{ secrets.KESTRELOS_REPO_TOKEN }}
|
||||
|
||||
- name: Log in to container registry
|
||||
uses: https://git.keligrubb.com/actions/docker-login-action@v4
|
||||
with:
|
||||
@@ -40,14 +62,19 @@ jobs:
|
||||
load: true
|
||||
tags: kestrelos:built
|
||||
|
||||
- name: Push Docker image (all tags from .tags)
|
||||
- name: Push Docker image (version + latest)
|
||||
run: |
|
||||
VERSION=$(awk '/"version"/ { match($0, /[0-9]+\.[0-9]+\.[0-9]+/); print substr($0, RSTART, RLENGTH); exit }' package.json)
|
||||
case "$VERSION" in
|
||||
[0-9]*.[0-9]*.[0-9]*) ;;
|
||||
*) echo "error: package.json version must be x.y.z (got: $VERSION)"; exit 1 ;;
|
||||
esac
|
||||
REGISTRY="git.keligrubb.com"
|
||||
IMAGE="$REGISTRY/${{ github.repository }}"
|
||||
while read -r tag; do
|
||||
for tag in "$VERSION" latest; do
|
||||
docker tag kestrelos:built "$IMAGE:$tag"
|
||||
docker push "$IMAGE:$tag"
|
||||
done < .tags
|
||||
done
|
||||
|
||||
- name: Set up Helm
|
||||
uses: https://git.keligrubb.com/actions/setup-helm@v5
|
||||
|
||||
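Review bot: In the new `publish` job, `ref: main` checks out whatever the tip of main is when the job starts, not the commit the `release` job just tagged. A merge that lands in between could therefore be built and pushed under the version read from `package.json` and as `latest`; no concurrency setting is visible in these hunks, so this may already be prevented elsewhere. Tying the build to the release would close the gap, for example by having `release` export the tag it created as a job output and checking out `ref: ${{ needs.release.outputs.tag }}`; the output name is a placeholder, since `scripts/release.sh` is not shown. Separately, the publish checkout only needs to read the repository, so `persist-credentials: false` under its `with:` would keep `KESTRELOS_REPO_TOKEN` out of `.git/config` in a workspace that may later serve as the Docker build context, assuming the mirrored checkout action behaves like upstream.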