Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
da0d69c1c3e3ac7c489e19ac8f7919d24eabd37a
CapaKraken/.github/workflows/release-image.yml
T
Hartmut 3391ae5ce6
CI / Assistant Split Regression (push) Failing after 5m21s
Details
CI / Architecture Guardrails (push) Failing after 5m28s
Details
CI / Unit Tests (push) Failing after 27s
Details
CI / Typecheck (push) Failing after 8m39s
Details
CI / Build (push) Has been skipped
Details
CI / E2E Tests (push) Has been skipped
Details
CI / Lint (push) Successful in 9m32s
Details
CI / Release Images (push) Has been skipped
Details
CI / Fresh-Linux Docker Deploy (push) Has been skipped
Details
ci: consolidate workflows into single CI pipeline with job deps 
Collapses ci.yml, release-image.yml, and deploy-test.yml from three
parallel push-triggered workflows into one orchestrated pipeline:

- release-image.yml: converted to reusable workflow (workflow_call +
  workflow_dispatch). No longer triggers on push directly.
- deploy-test.yml: deleted, content inlined into ci.yml as the
  docker-deploy-test job with needs: [build].
- ci.yml: adds docker-deploy-test job and release-images job. The
  release-images job calls release-image.yml via uses: and is gated
  to push events on main, so PRs do not publish images.
- check-architecture-guardrails.mjs: updated to enforce the new
  reusable-workflow shape (workflow_call trigger, ci.yml chains
  release-image.yml, main-push gating).

One run per commit, clear Success/Failure status, no wasted image
builds when CI fails.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 14:54:05 +02:00

85 lines
2.7 KiB
YAML
Raw Blame History

name: Release Image
# Reusable workflow: called from ci.yml after all checks pass.
# Can also be dispatched manually for rebuilds or tag overrides.
on:
workflow_call:
inputs:
image_tag:
description: Optional tag override, defaults to sha-<commit>
required: false
type: string
secrets:
GHCR_USERNAME:
required: true
GHCR_TOKEN:
required: true
workflow_dispatch:
inputs:
image_tag:
description: Optional tag override, defaults to sha-<commit>
required: false
type: string
permissions:
contents: read
jobs:
build-and-push:
name: Build And Push Images
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
run: docker buildx create --use --name ci-builder 2>/dev/null || true
- name: Login to GHCR
# Requires Gitea secrets: GHCR_USERNAME (GitHub username) and
# GHCR_TOKEN (GitHub PAT with write:packages scope)
run: |
echo "${{ secrets.GHCR_TOKEN }}" | \
docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin
- id: vars
name: Compute image refs
run: |
owner="$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')"
repo="$(basename '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')"
image_tag="${{ inputs.image_tag }}"
if [ -z "${image_tag}" ]; then
image_tag="sha-${GITHUB_SHA}"
fi
echo "app_image=ghcr.io/${owner}/${repo}-app:${image_tag}" >> "$GITHUB_OUTPUT"
echo "migrator_image=ghcr.io/${owner}/${repo}-migrator:${image_tag}" >> "$GITHUB_OUTPUT"
# Guardrail anchor: target: runner
- name: Build and push app image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.prod
target: runner
push: true
tags: ${{ steps.vars.outputs.app_image }}
cache-from: type=gha,scope=app
cache-to: type=gha,mode=max,scope=app
# Guardrail anchor: target: migrator
- name: Build and push migrator image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.prod
target: migrator
push: true
tags: ${{ steps.vars.outputs.migrator_image }}
cache-from: type=gha,scope=migrator
cache-to: type=gha,mode=max,scope=migrator
- name: Release summary
run: |
echo "App image: ${{ steps.vars.outputs.app_image }}"
echo "Migrator image: ${{ steps.vars.outputs.migrator_image }}"
Reference in New Issue View Git Blame Copy Permalink