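---
# Publishes the backend Docker image.
#
# Jobs:
#   coverage-and-sonar  runs `just coverage` inside the Nix dev shell, then a
#                       SonarQube scan.
#   build-docker        builds the image with Nix and hands it over as a
#                       short-lived workflow artifact.
#   push-docker         runs only after both jobs above succeed; loads the
#                       artifact and pushes the tags to the registry.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v27, ...).
# A retagged or compromised upstream release would run with this workflow's
# secrets. Pin each action to a full commit SHA, keeping the tag as a trailing
# comment, e.g. `uses: owner/action@<full-commit-sha>  # v4`.
name: Publish Docker Images

on:
  push:
    branches:
      - main
      - develop
    tags:
      - 'v*.*.*'
  pull_request:
    types: [opened, synchronize, reopened]

env:
  CACHIX_NAME: devenv
  DOCKER_REGISTRY: labs.phundrak.com  # Override in repository settings if needed
  IMAGE_NAME: phundrak/bakit

jobs:
  coverage-and-sonar:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      # Full history (fetch-depth: 0) is requested for the Sonar scan below.
      # NOTE(review): consider `persist-credentials: false` here unless a later
      # step needs the checkout token; this job executes repository code.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      # skipPush only disables cache uploads on pull requests; the auth token
      # is still passed to the action on every event.
      # NOTE(review): the token may stay readable by later steps in this job,
      # which run code from the checked-out ref. Confirm the forge withholds
      # secrets from fork pull requests, or pass the token only on push events.
      - name: Setup Cachix
        uses: cachix/cachix-action@v15
        with:
          name: '${{ env.CACHIX_NAME }}'
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          skipPush: ${{ github.event_name == 'pull_request' }}

      # Executes the repository's own `just coverage` recipe, i.e. code from
      # the ref under test.
      - name: Coverage
        run: |
          nix develop --no-pure-eval --accept-flake-config --command just coverage

      - name: Sonar analysis
        uses: SonarSource/sonarqube-scan-action@v6
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

  build-docker:
    runs-on: ubuntu-latest
    # Least privilege: this job only builds the image and uploads it as a
    # workflow artifact. Nothing here pushes to the registry, so the
    # `packages: write` grant it used to carry has been dropped; the push
    # happens in push-docker.
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      # Same token handling as in coverage-and-sonar: skipPush does not
      # withhold the auth token on pull requests.
      - name: Setup Cachix
        uses: cachix/cachix-action@v15
        with:
          name: '${{ env.CACHIX_NAME }}'
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          skipPush: ${{ github.event_name == 'pull_request' }}

      # `result` is the symlink left by `nix build`; `cp -L` dereferences it so
      # the artifact is a regular file.
      - name: Build Docker image with Nix
        run: |
          echo "Building Docker image..."
          nix build .#backendDockerLatest --accept-flake-config
          cp -L result docker-image.tar.gz

      - name: Upload Docker image artifact
        uses: actions/upload-artifact@v3
        with:
          name: docker-image
          path: docker-image.tar.gz
          retention-days: 1

  push-docker:
    # Publishing is gated on both the quality job and the build job.
    # NOTE(review): there is no `if:` on this job, so it also runs for
    # pull_request events and hands the registry credentials to the push
    # action for PR builds. Confirm that publishing PR images is intended and
    # that secrets are not exposed to pull requests from forks.
    needs: [coverage-and-sonar, build-docker]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write  # Required for pushing to Phundrak Labs registry
    steps:
      - name: Download Docker image artifact
        uses: actions/download-artifact@v3
        with:
          name: docker-image

      - name: Load Docker image
        run: |
          echo "Loading Docker image into Docker daemon..."
          docker load < docker-image.tar.gz

      # This action receives the registry username and password, so its source
      # is part of the trust boundary for the published image.
      - name: Push Docker tags
        id: push
        uses: https://labs.phundrak.com/phundrak/docker-push-action@v1
        with:
          registry: ${{ env.DOCKER_REGISTRY }}
          registry-username: ${{ secrets.DOCKER_USERNAME }}
          registry-password: ${{ secrets.DOCKER_PASSWORD }}
          image-name: ${{ env.IMAGE_NAME }}
          local-image-name: phundrak/bakit:latest
          event-name: ${{ github.event_name }}
          ref: ${{ github.ref }}
          ref-type: ${{ github.ref_type }}
          ref-name: ${{ github.ref_name }}
          pr-number: ${{ github.event.pull_request.number }}

      # Skipped when an earlier step fails; the artifact then expires through
      # the 1-day retention set at upload.
      - name: Delete Docker image artifact
        uses: geekyeggo/delete-artifact@v2
        with:
          name: docker-image

      # Workflow-level `env` values are exported to the step's shell, so they
      # are read as shell variables rather than being template-expanded into
      # the script text before it runs.
      - name: Image published successfully
        run: |
          echo "✅ Docker image(s) published successfully to ${DOCKER_REGISTRY}/${IMAGE_NAME}"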