mirror of
https://github.com/nicotsx/zerobyte.git
synced 2026-02-08 04:21:18 -05:00
138 lines
4.2 KiB
YAML
138 lines
4.2 KiB
YAML
name: Release Workflow
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*.*.*"
|
|
- "v*.*.*-beta.*"
|
|
- "v*.*.*-alpha.*"
|
|
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
security-events: write
|
|
|
|
jobs:
|
|
determine-release-type:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
release_type: ${{ steps.set-type.outputs.release_type }}
|
|
tagname: ${{ github.ref_name }}
|
|
steps:
|
|
- name: Set release type
|
|
id: set-type
|
|
run: |
|
|
TAG=${GITHUB_REF#refs/tags/}
|
|
if [[ $TAG == *-alpha* ]]; then
|
|
echo "release_type=alpha" >> $GITHUB_OUTPUT
|
|
elif [[ $TAG == *-beta* ]]; then
|
|
echo "release_type=beta" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "release_type=release" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
checks:
|
|
uses: ./.github/workflows/checks.yml
|
|
|
|
build-images:
|
|
timeout-minutes: 15
|
|
needs: [determine-release-type, checks]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ github.ref }}
|
|
|
|
- name: Log in to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
driver: cloud
|
|
endpoint: "meienberger/runtipi-builder"
|
|
install: true
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build docker image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
target: production
|
|
platforms: linux/amd64
|
|
push: false
|
|
load: true
|
|
tags: local/zerobyte:ci
|
|
build-args: |
|
|
APP_VERSION=${{ needs.determine-release-type.outputs.tagname }}
|
|
|
|
- name: Scan new image for vulnerabilities
|
|
uses: anchore/scan-action@v7
|
|
id: scan
|
|
with:
|
|
image: local/zerobyte:ci
|
|
fail-build: true
|
|
severity-cutoff: critical
|
|
|
|
- name: upload Anchore scan report
|
|
uses: github/codeql-action/upload-sarif@v4
|
|
with:
|
|
sarif_file: ${{ steps.scan.outputs.sarif }}
|
|
|
|
- name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ghcr.io/${{ github.repository_owner }}/zerobyte
|
|
tags: |
|
|
type=semver,pattern={{version}},prefix=v
|
|
type=semver,pattern={{major}},prefix=v,enable=${{ needs.determine-release-type.outputs.release_type == 'release' }}
|
|
type=semver,pattern={{major}}.{{minor}},prefix=v,enable=${{ needs.determine-release-type.outputs.release_type == 'release' }}
|
|
type=semver,pattern={{major}}.{{minor}}.{{patch}},prefix=v,enable=${{ needs.determine-release-type.outputs.release_type == 'release' }}
|
|
flavor: |
|
|
latest=${{ needs.determine-release-type.outputs.release_type == 'release' }}
|
|
|
|
- name: Push images to GitHub Container Registry
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
target: production
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
build-args: |
|
|
APP_VERSION=${{ needs.determine-release-type.outputs.tagname }}
|
|
|
|
publish-release:
|
|
runs-on: ubuntu-latest
|
|
needs: [build-images, determine-release-type]
|
|
if: needs.determine-release-type.outputs.release_type == 'release'
|
|
outputs:
|
|
id: ${{ steps.create_release.outputs.id }}
|
|
steps:
|
|
- name: Create GitHub release
|
|
id: create_release
|
|
uses: softprops/action-gh-release@v2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
body: |
|
|
**${{ needs.determine-release-type.outputs.tagname }}**
|
|
tag_name: ${{ needs.determine-release-type.outputs.tagname }}
|
|
name: ${{ needs.determine-release-type.outputs.tagname }}
|
|
draft: false
|
|
prerelease: true
|
|
files: cli/runtipi-cli-*
|