Update README.md (#24) #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to Production | |
| on: | |
| push: | |
| branches: [main] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| docker: | |
| name: "Release Docker image" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: "20" | |
| - name: Install dependencies | |
| run: npm ci | |
| - id: version | |
| name: Determine Release Version | |
| run: | | |
| npm install @semantic-release/exec -D | |
| npm install @semantic-release/changelog -D | |
| npm install @semantic-release/git -D | |
| npx semantic-release --dry-run | |
| cat VERSION.env | |
| source VERSION.env | |
| echo "::set-output name=version::$VERSION" | |
| - name: Set up QEMU | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GHCR | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| id: build-and-push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| build-args: VERSION=${{steps.version.outputs.VERSION}} | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ghcr.io/${{ github.repository }}:${{steps.version.outputs.VERSION}} | |
| - uses: sigstore/[email protected] | |
| - name: Image Signing | |
| run: | | |
| cosign sign --yes \ | |
| -a "repo=${{ github.repository }}" \ | |
| -a "workflow=${{ github.workflow }}" \ | |
| -a "ref=${{ github.sha }}" \ | |
| -a "owner=Spectro Cloud" \ | |
| --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}" | |
| env: | |
| TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| docker-reverse-proxy: | |
| name: "Docker w/Proxy image" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: "20" | |
| - name: Install dependencies | |
| run: npm ci | |
| - id: version | |
| name: Determine Release Version | |
| run: | | |
| npm install @semantic-release/exec -D | |
| npm install @semantic-release/changelog -D | |
| npm install @semantic-release/git -D | |
| npx semantic-release --dry-run | |
| cat VERSION.env | |
| source VERSION.env | |
| echo "::set-output name=version::$VERSION" | |
| - name: Set up QEMU | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GHCR | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| id: build-and-push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| file: Dockerfile.Caddy | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ghcr.io/${{ github.repository }}:${{steps.version.outputs.VERSION}}-proxy | |
| - uses: sigstore/[email protected] | |
| - name: Image Signing | |
| run: | | |
| cosign sign --yes \ | |
| -a "repo=${{ github.repository }}" \ | |
| -a "workflow=${{ github.workflow }}" \ | |
| -a "ref=${{ github.sha }}" \ | |
| -a "owner=Spectro Cloud" \ | |
| --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}" | |
| env: | |
| TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| release: | |
| name: "Release" | |
| needs: [docker, docker-reverse-proxy] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retrieve Credentials | |
| id: import-secrets | |
| uses: hashicorp/[email protected] | |
| with: | |
| url: https://vault.prism.spectrocloud.com | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| secrets: /providers/github/organizations/spectrocloud/token?org_name=spectrocloud token | VAULT_GITHUB_TOKEN | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: "release" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }} | |
| run: npx semantic-release |