chore: better action workflow
Some checks failed
Publish Docker Images / coverage-and-sonar (push) Successful in 13m49s
Publish Docker Images / build-docker (push) Successful in 14m3s
Publish Docker Images / push-docker (push) Failing after 29s

2025-11-27 15:39:36 +01:00
parent ce28426075
commit 72bbb8b648


@@ -16,7 +16,41 @@ env:
IMAGE_NAME: phundrak/phundrak-dot-com-backend IMAGE_NAME: phundrak/phundrak-dot-com-backend
jobs: jobs:
build-and-publish: coverage-and-sonar:
runs-on: ubuntu-latest
permissions:
content: read
pull-requests: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Nix
uses: cachix/install-nix-action@v27
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Setup Cachix
uses: cachix/cachix-action@v15
with:
name: '${{ env.CACHIX_NAME }}'
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
skipPush: ${{ github.event_name == 'pull_request' }}
- name: Coverage
run: |
nix develop --no-pure-eval --accept-flake-config --command just coverage
- name: Sonar analysis
uses: SonarSource/sonarqube-scan-action@v6
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
build-docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
@@ -39,93 +73,123 @@ jobs:
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
skipPush: ${{ github.event_name == 'pull_request' }} skipPush: ${{ github.event_name == 'pull_request' }}
- name: Coverage
run: |
nix develop --no-pure-eval --command just coverage
- name: Sonar analysis
uses: SonarSource/sonarqube-scan-action@v6
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: Build Docker image with Nix - name: Build Docker image with Nix
run: | run: |
echo "Building Docker image..." echo "Building Docker image..."
nix build .#backendDockerLatest --accept-flake-config nix build .#backendDockerLatest --accept-flake-config
cp -L result docker-image.tar.gz
- name: Upload Docker image artifact
uses: actions/upload-artifact@v3
with:
name: docker-image
path: docker-image.tar.gz
retention-days: 1
push-docker:
needs: [coverage-and-sonar, build-docker]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # Required for pushing to Phundrak Labs registry
steps:
- name: Download Docker image artifact
uses: actions/download-artifact@v3
with:
name: docker-image
- name: Load Docker image - name: Load Docker image
run: | run: |
echo "Loading Docker image into Docker daemon..." echo "Loading Docker image into Docker daemon..."
docker load < result docker load < docker-image.tar.gz
- name: Log in to Docker Registry - name: Push Docker tags
run: | id: push
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin uses: https://labs.phundrak.com/phundrak/docker-push-action@v1
with:
registry: ${{ env.DOCKER_REGISTRY }}
registry-username: ${{ secrets.DOCKER_USERNAME }}
registry-password: ${{ secrets.DOCKER_PASSWORD }}
image-name: ${{ env.IMAGE_NAME }}
local-image-name: phundrak/phundrak-dot-com-backend:latest
event-name: ${{ github.event_name }}
ref: ${{ github.ref }}
ref-type: ${{ github.ref_type }}
ref-name: ${{ github.ref_name }}
pr-number: ${{ github.event.pull_request.number }}
# - name: Log in to Docker Registry
# run: |
# echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
- name: Determine tags and push images # - name: Determine tags and push images
run: | # run: |
set -euo pipefail # set -euo pipefail
REGISTRY="${{ env.DOCKER_REGISTRY }}" # REGISTRY="${{ env.DOCKER_REGISTRY }}"
IMAGE_NAME="${{ env.IMAGE_NAME }}" # IMAGE_NAME="${{ env.IMAGE_NAME }}"
# The locally built image from Nix (name comes from Cargo.toml package.name) # # The locally built image from Nix (name comes from Cargo.toml package.name)
LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest" # LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest"
echo "Event: ${{ github.event_name }}" # echo "Event: ${{ github.event_name }}"
echo "Ref: ${{ github.ref }}" # echo "Ref: ${{ github.ref }}"
echo "Ref type: ${{ github.ref_type }}" # echo "Ref type: ${{ github.ref_type }}"
# Determine which tags to push based on the event # # Determine which tags to push based on the event
if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then # if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then
# Tag push on main branch → publish 'latest' and versioned tag # # Tag push on main branch → publish 'latest' and versioned tag
echo "Tag push detected" # echo "Tag push detected"
TAG_VERSION="${{ github.ref_name }}" # TAG_VERSION="${{ github.ref_name }}"
# Remove 'v' prefix if present (v1.0.0 → 1.0.0) # # Remove 'v' prefix if present (v1.0.0 → 1.0.0)
TAG_VERSION="${TAG_VERSION#v}" # TAG_VERSION="${TAG_VERSION#v}"
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest" # echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest" # docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
docker push "${REGISTRY}/${IMAGE_NAME}:latest" # docker push "${REGISTRY}/${IMAGE_NAME}:latest"
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}" # echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}" # docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}" # docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then # elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then
# Push on develop branch → publish 'develop' tag # # Push on develop branch → publish 'develop' tag
echo "Push to develop branch detected" # echo "Push to develop branch detected"
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop" # echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop"
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop" # docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop"
docker push "${REGISTRY}/${IMAGE_NAME}:develop" # docker push "${REGISTRY}/${IMAGE_NAME}:develop"
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then # elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
# Pull request → publish 'pr<number>' tag # # Pull request → publish 'pr<number>' tag
echo "Pull request detected" # echo "Pull request detected"
PR_NUMBER="${{ github.event.pull_request.number }}" # PR_NUMBER="${{ github.event.pull_request.number }}"
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}" # echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}" # docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}" # docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then # elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
# Push to main branch (not a tag) → publish 'latest' # # Push to main branch (not a tag) → publish 'latest'
echo "Push to main branch detected" # echo "Push to main branch detected"
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest" # echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest" # docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
docker push "${REGISTRY}/${IMAGE_NAME}:latest" # docker push "${REGISTRY}/${IMAGE_NAME}:latest"
else # else
echo "Unknown event or ref, skipping push" # echo "Unknown event or ref, skipping push"
exit 1 # exit 1
fi # fi
- name: Log out from Docker Registry # - name: Log out from Docker Registry
if: always() # if: always()
run: docker logout ${{ env.DOCKER_REGISTRY }} # run: docker logout ${{ env.DOCKER_REGISTRY }}
- name: Delete Docker image artifact
uses: geekyeggo/delete-artifact@v2
with:
name: docker-image
- name: Image published successfully - name: Image published successfully
run: | run: |