diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index afb3b12..06e009d 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -16,11 +16,10 @@ env: IMAGE_NAME: phundrak/phundrak-dot-com-backend jobs: - build-and-publish: + coverage-and-sonar: runs-on: ubuntu-latest permissions: - contents: read - packages: write # Required for pushing to Phundrak Labs registry + content: read pull-requests: read steps: @@ -49,15 +48,60 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + + build-docker: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write # Required for pushing to Phundrak Labs registry + pull-requests: read + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Nix + uses: cachix/install-nix-action@v27 + with: + nix_path: nixpkgs=channel:nixos-unstable + + - name: Setup Cachix + uses: cachix/cachix-action@v15 + with: + name: '${{ env.CACHIX_NAME }}' + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + skipPush: ${{ github.event_name == 'pull_request' }} + - name: Build Docker image with Nix run: | echo "Building Docker image..." nix build .#backendDockerLatest --accept-flake-config + cp -L result docker-image.tar.gz + + - name: Upload Docker image artifact + uses: actions/upload-artifact@v4 + with: + name: docker-image + path: docker-image.tar.gz + retention-days: 1 + + push-docker: + needs: [coverage-and-sonar, build-docker] + runs-on: ubuntu-latest + permissions: + contents: read + packages: write # Required for pushing to Phundrak Labs registry + + steps: + - name: Download Docker image artifact + uses: actions/download-artifact@v4 + with: + name: docker-image - name: Load Docker image run: | echo "Loading Docker image into Docker daemon..." - docker load < result + docker load < docker-image.tar.gz - name: Log in to Docker Registry run: |
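Review bot: `content: read` in the `coverage-and-sonar` permissions block looks like a typo for the `contents` scope that the removed line used. On GitHub Actions, any scope not listed in an explicit `permissions` block is set to none, so with the key misspelled the job token would have no repository read access. The unknown key may also fail workflow validation outright. The line should read `contents: read`. Dropping `packages: write` from this job is a sound least-privilege change and should stay.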
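Review bot: `build-docker` still requests `packages: write` and `pull-requests: read`, although the steps visible in this hunk only check out, build with Nix and upload an artifact; the registry push now lives in `push-docker`. The job evaluates the repository's flake with `--accept-flake-config`, and the `skipPush` expression suggests it also runs on pull requests, so its token should be reduced to `contents: read` alone. The same job references `cachix/install-nix-action@v27` and `cachix/cachix-action@v15` by mutable tag while holding `CACHIX_AUTH_TOKEN`. Pinning each to a full commit SHA, for example `uses: cachix/cachix-action@<full-commit-sha> # v15`, would keep a retagged release from running with that secret. The `Log in to Docker Registry` step at the end of the hunk continues outside it.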