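# Workflow: every push builds a per-branch dev image; pushes to main run
# semantic-release and, when a new version is published, build and push the
# release images and then trigger the Cloudflare Pages deploy hook.
#
# NOTE(review): third-party actions are referenced by floating major tags
# (@v6, @v3). Pinning each `uses:` to a full commit SHA (for example
# `actions/checkout@<commit-sha>  # v6`) makes the action supply chain
# immutable; the SHAs are not known here, so the tags are left in place.
name: Semantic Release, Build & Deploy

# yamllint disable-line rule:truthy -- GitHub's schema requires the `on` key
on:
  push:
    branches:
      - '**'

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  # Cancel superseded runs on feature branches only. A run on main must
  # finish: cancelling it between the semantic-release tag/commit push and
  # the image pushes would leave a half-published release behind.
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

# Least privilege by default; each job requests only what it needs.
permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-24.04
    if: github.ref == 'refs/heads/main'
    timeout-minutes: 20
    # contents: write lets semantic-release push the changelog commit, the
    # tag and the GitHub release. NOTE(review): @semantic-release/github also
    # comments on released issues/PRs by default; if the job reports
    # "Resource not accessible by integration" after the release is created,
    # either grant `issues: write` and `pull-requests: write` or disable the
    # comments in the plugin config (`successComment: false`) -- confirm.
    permissions:
      contents: write
    # Consumed by docker-prod (gate + version tag) and deploy (ordering).
    outputs:
      new_release_published: ${{ steps.semantic.outputs.new_release_published }}
      new_release_version: ${{ steps.semantic.outputs.new_release_version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Full history: semantic-release walks the tags to find the last release.
          fetch-depth: 0

      - name: Import GPG key and configure signing
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_config_global: true

      - name: Configure git user
        # NOTE(review): the name/email below and the env values passed to
        # semantic-release presumably match a uid on the imported key; a
        # mismatch shows as an unverified signature on GitHub -- verify.
        run: |
          git config --global user.name "Arlind-dev"
          git config --global user.email "arlind@sulej.ch"

      - name: Run semantic-release
        id: semantic
        uses: cycjimmy/semantic-release-action@v6
        with:
          extra_plugins: |
            @semantic-release/changelog
            @semantic-release/git
            @semantic-release/github
            @semantic-release/commit-analyzer
            @semantic-release/release-notes-generator
            conventional-changelog-conventionalcommits
        env:
          # The changelog commit is pushed with GITHUB_TOKEN, so it does not
          # re-trigger this workflow (no release loop).
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GIT_AUTHOR_NAME: Arlind-dev
          GIT_COMMITTER_NAME: Arlind-dev
          GIT_AUTHOR_EMAIL: arlind@sulej.ch
          GIT_COMMITTER_EMAIL: arlind@sulej.ch

  docker-prod:
    runs-on: ubuntu-24.04
    needs: [release]
    # Only build release images when semantic-release actually published.
    if: github.ref == 'refs/heads/main' && needs.release.outputs.new_release_published == 'true'
    timeout-minutes: 60
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Prepare build metadata
        id: meta
        # Image names on ghcr.io must be lowercase; the owner login may not be.
        # build_date is not consumed by any step in this workflow -- presumably
        # intended for a label or build-arg; verify before relying on it.
        run: |
          echo "owner_lc=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
          echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"

      - name: Build and push build-stage image
        id: build_stage
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.build
          platforms: linux/amd64
          push: true
          # mode=max records build arguments in the provenance attestation;
          # never pass secrets through build-args.
          provenance: mode=max
          sbom: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=registry,oci-mediatypes=true
          tags: |
            ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:build-latest
            ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:build-${{ needs.release.outputs.new_release_version }}

      - name: Build and push main image
        uses: docker/build-push-action@v6
        # NOTE(review): targets other than the runner's own architecture need
        # binfmt/QEMU (docker/setup-qemu-action) if any instruction in the
        # final stage executes target-arch binaries; a copy-only final stage
        # does not. Dockerfile is not on this page -- confirm.
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/386,linux/ppc64le,linux/riscv64,linux/s390x
          push: true
          provenance: mode=max
          sbom: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=registry,oci-mediatypes=true
          # Reference the build-stage image by the digest just pushed, not by
          # its mutable tag, so the final image is built from exactly the
          # artifact produced in the previous step.
          build-args: |
            BUILD_IMAGE=ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:build-${{ needs.release.outputs.new_release_version }}@${{ steps.build_stage.outputs.digest }}
          tags: |
            ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:latest
            ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:${{ needs.release.outputs.new_release_version }}

  docker-dev:
    runs-on: ubuntu-24.04
    if: github.ref != 'refs/heads/main'
    timeout-minutes: 60
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Prepare metadata and branch vars
        id: meta
        # The branch name is read from the GITHUB_REF env var (not ${{ }}
        # interpolation), so it cannot inject into the script.
        run: |
          echo "owner_lc=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
          BRANCH_NAME="${GITHUB_REF#refs/heads/}"
          # Map the branch onto the Docker tag alphabet ([A-Za-z0-9_.-]),
          # drop leading dashes (a tag must start with [A-Za-z0-9_], and
          # "_x" becomes "-x" above) and cap the length so
          # "build-<branch>-<sha>" stays within the 128-char tag limit.
          # printf rather than echo so a branch such as "-n" is not parsed
          # as an option.
          SANITIZED_BRANCH=$(printf '%s' "$BRANCH_NAME" | tr '/' '-' | tr '_' '-' | tr -cd '[:alnum:]-' | sed 's/^-*//' | cut -c1-100)
          # A name that sanitises to nothing still needs a usable tag component.
          : "${SANITIZED_BRANCH:=branch}"
          echo "sanitized_branch=$SANITIZED_BRANCH" >> "$GITHUB_OUTPUT"
          echo "sha_short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
          echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"

      - name: Build and push build-stage image
        id: build_stage
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.build
          platforms: linux/amd64
          push: true
          provenance: mode=max
          sbom: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=registry,oci-mediatypes=true
          tags: |
            ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:build-${{ steps.meta.outputs.sanitized_branch }}-${{ steps.meta.outputs.sha_short }}

      - name: Build and push main image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/386,linux/ppc64le,linux/riscv64,linux/s390x
          push: true
          provenance: mode=max
          sbom: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=registry,oci-mediatypes=true
          # Pin the build-stage base to the digest pushed by the previous step.
          build-args: |
            BUILD_IMAGE=ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:build-${{ steps.meta.outputs.sanitized_branch }}-${{ steps.meta.outputs.sha_short }}@${{ steps.build_stage.outputs.digest }}
          tags: |
            ghcr.io/${{ steps.meta.outputs.owner_lc }}/${{ vars.IMAGE_NAME }}:${{ steps.meta.outputs.sanitized_branch }}-${{ steps.meta.outputs.sha_short }}

  deploy:
    runs-on: ubuntu-24.04
    needs: [release]
    # NOTE(review): this fires on every push to main, not only when a release
    # was published (compare the docker-prod gate) -- confirm that is intended.
    if: github.ref == 'refs/heads/main'
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - name: Trigger Cloudflare Pages deploy
        # The hook URL is a credential: pass it via env rather than
        # interpolating ${{ }} into the script, fail the step on a non-2xx
        # response (plain curl exits 0 on HTTP errors) and refuse to run
        # with an empty secret instead of POSTing to "".
        env:
          CF_DEPLOY_HOOK_URL: ${{ secrets.CF_DEPLOY_HOOK_URL }}
        run: |
          if [ -z "$CF_DEPLOY_HOOK_URL" ]; then
            echo "::error::CF_DEPLOY_HOOK_URL secret is not set"
            exit 1
          fi
          curl -sS --fail-with-body -X POST "$CF_DEPLOY_HOOK_URL"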