feat(platform): harden access scoping and delivery baseline

This commit is contained in:
2026-03-30 00:27:31 +02:00
parent 00b936fa1f
commit 819345acfa
109 changed files with 26142 additions and 8081 deletions
@@ -0,0 +1,63 @@
name: Release Image
on:
workflow_dispatch:
inputs:
image_tag:
description: Optional tag override, defaults to sha-<commit>
required: false
type: string
permissions:
contents: read
packages: write
jobs:
build-and-push:
name: Build And Push Images
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- id: vars
name: Compute image refs
run: |
owner="$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')"
repo="$(basename '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')"
image_tag="${{ inputs.image_tag }}"
if [ -z "${image_tag}" ]; then
image_tag="sha-${GITHUB_SHA}"
fi
echo "app_image=ghcr.io/${owner}/${repo}-app:${image_tag}" >> "$GITHUB_OUTPUT"
echo "migrator_image=ghcr.io/${owner}/${repo}-migrator:${image_tag}" >> "$GITHUB_OUTPUT"
- name: Build and push app image
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile.prod
target: runner
push: true
tags: ${{ steps.vars.outputs.app_image }}
cache-from: type=gha,scope=app-image
cache-to: type=gha,mode=max,scope=app-image
- name: Build and push migrator image
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile.prod
target: migrator
push: true
tags: ${{ steps.vars.outputs.migrator_image }}
cache-from: type=gha,scope=migrator-image
cache-to: type=gha,mode=max,scope=migrator-image
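Review bot: The `Compute image refs` step interpolates `${{ inputs.image_tag }}` straight into the shell on the `image_tag="..."` line, so the free-text workflow_dispatch input is expanded into the script before bash parses it and a value containing `"`, `$(`, or `;` runs as shell rather than being treated as a tag; the `github.repository_owner` and `github.repository` lines use the same pattern, though those values are charset-restricted. Pass the input through `env:` and read it as a quoted variable, and use the default `GITHUB_REPOSITORY_OWNER` / `GITHUB_REPOSITORY` variables for the other two, so nothing untrusted is spliced into the script text; a `case`-style check that the tag matches the registry's allowed tag characters would also turn a malformed override into a clear early failure instead of a build-push error. The third-party actions are pinned to major tags (`@v4`, `@v3`, `@v6`) rather than commit SHAs, which is worth tightening for a workflow that holds `packages: write`. The rendered hunk shows 55 of the 63 added lines (blank lines appear dropped), so I am assuming the migrator build step is the end of the file.
```yaml
- id: vars
  name: Compute image refs
  env:
    IMAGE_TAG: ${{ inputs.image_tag }}
  run: |
    owner="$(echo "$GITHUB_REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')"
    repo="$(basename "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')"
    image_tag="${IMAGE_TAG}"
    # … unchanged: default to sha-<commit> and write app_image/migrator_image outputs …
```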