130 lines
3.6 KiB
YAML
130 lines
3.6 KiB
YAML
name: Publish Docker Images
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- develop
|
|
tags:
|
|
- 'v*.*.*'
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
|
|
env:
|
|
CACHIX_NAME: devenv
|
|
DOCKER_REGISTRY: labs.phundrak.com # Override in repository settings if needed
|
|
IMAGE_NAME: phundrak/bakit
|
|
|
|
jobs:
|
|
coverage-and-sonar:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Install Nix
|
|
uses: cachix/install-nix-action@v27
|
|
with:
|
|
nix_path: nixpkgs=channel:nixos-unstable
|
|
|
|
- name: Setup Cachix
|
|
uses: cachix/cachix-action@v15
|
|
with:
|
|
name: '${{ env.CACHIX_NAME }}'
|
|
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
|
skipPush: ${{ github.event_name == 'pull_request' }}
|
|
|
|
- name: Coverage
|
|
run: |
|
|
nix develop --no-pure-eval --accept-flake-config --command just coverage
|
|
|
|
- name: Sonar analysis
|
|
uses: SonarSource/sonarqube-scan-action@v6
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
|
|
|
build-docker:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write # Required for pushing to Phundrak Labs registry
|
|
pull-requests: read
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Nix
|
|
uses: cachix/install-nix-action@v27
|
|
with:
|
|
nix_path: nixpkgs=channel:nixos-unstable
|
|
|
|
- name: Setup Cachix
|
|
uses: cachix/cachix-action@v15
|
|
with:
|
|
name: '${{ env.CACHIX_NAME }}'
|
|
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
|
skipPush: ${{ github.event_name == 'pull_request' }}
|
|
|
|
- name: Build Docker image with Nix
|
|
run: |
|
|
echo "Building Docker image..."
|
|
nix build .#backendDockerLatest --accept-flake-config
|
|
cp -L result docker-image.tar.gz
|
|
|
|
- name: Upload Docker image artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: docker-image
|
|
path: docker-image.tar.gz
|
|
retention-days: 1
|
|
|
|
push-docker:
|
|
needs: [coverage-and-sonar, build-docker]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write # Required for pushing to Phundrak Labs registry
|
|
|
|
steps:
|
|
- name: Download Docker image artifact
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: docker-image
|
|
|
|
- name: Load Docker image
|
|
run: |
|
|
echo "Loading Docker image into Docker daemon..."
|
|
docker load < docker-image.tar.gz
|
|
|
|
- name: Push Docker tags
|
|
id: push
|
|
uses: https://labs.phundrak.com/phundrak/docker-push-action@v1
|
|
with:
|
|
registry: ${{ env.DOCKER_REGISTRY }}
|
|
registry-username: ${{ secrets.DOCKER_USERNAME }}
|
|
registry-password: ${{ secrets.DOCKER_PASSWORD }}
|
|
image-name: ${{ env.IMAGE_NAME }}
|
|
local-image: phundrak/bakit:latest
|
|
event-name: ${{ github.event_name }}
|
|
ref: ${{ github.ref }}
|
|
ref-type: ${{ github.ref_type }}
|
|
ref-name: ${{ github.ref_name }}
|
|
pr-number: ${{ github.event.pull_request.number }}
|
|
|
|
- name: Delete Docker image artifact
|
|
uses: geekyeggo/delete-artifact@v2
|
|
with:
|
|
name: docker-image
|
|
|
|
- name: Image published successfully
|
|
run: |
|
|
echo "✅ Docker image(s) published successfully to ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}"
|