fix: use github secret #8
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
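# Builds the image on every branch push and caches it in GHCR
# (build-test-cache), mirrors the cached image to Docker Hub (push-to-docker),
# and for `chore(release)` commits on main / releases/* tags the image and
# repository and publishes a GitHub release (release).
name: Build and publish Docker

on:
  push:
    branches:
      - '**'
    tags-ignore:
      - '*'
  workflow_dispatch: null

# Workflow-level env is visible to every step of every job, including the
# third-party actions below, so only non-secret values are declared here.
# DOCKER_PASSWORD and BOT_TOKEN are injected per step, only where a registry
# or git login actually happens.
env:
  CACHE_REGISTRY: ghcr.io
  CACHE_REPO: linode/apl-nodejs-helloworld
  REPO: linode/apl-nodejs-helloworld
  DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
  BOT_EMAIL: ${{ vars.BOT_EMAIL }}
  BOT_USERNAME: ${{ vars.BOT_USERNAME }}
  COMMIT_SHA: ${{ github.sha }}

jobs:
  build-test-cache:
    if: (!contains(github.event.head_commit.message, 'ci skip') && !startsWith(github.ref, 'refs/tags/') && !github.event.act)
    runs-on: ubuntu-22.04
    # GITHUB_TOKEN is used here only to read the repo and push to GHCR.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Set env
        # The ref is read from the runner-provided $GITHUB_REF instead of
        # being expanded with ${{ github.ref }} inside the script: expression
        # expansion happens before bash parses the text, so a branch name
        # containing shell syntax would otherwise become part of the script.
        run: |
          # NOTE(review): only the last path segment is kept, so branches such
          # as `feature/x` and `bugfix/x` (or `anything/main`) map to the same
          # image tag and can overwrite each other's image.
          tag=${GITHUB_REF##*/}
          echo "Creating tag: $tag"
          echo "TAG=$tag" >> "$GITHUB_ENV"
          if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
            revision=$COMMIT_SHA
            echo "Setting apps revision to: $revision"
            echo "APPS_REVISION=$revision" >> "$GITHUB_ENV"
          else
            echo "Leaving apps revision empty"
          fi
          git config --global user.email "$BOT_EMAIL"
          git config --global user.name "$BOT_USERNAME"
      # NOTE(review): the actions in this workflow are referenced by mutable
      # tags; pinning each `uses:` to the full commit SHA of a reviewed release
      # prevents a moved tag from changing what runs with these credentials.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # No later step in this job runs git against the remote, so the
          # token is not left behind in the workspace that becomes the Docker
          # build context.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Github Packages
        uses: docker/login-action@v3
        with:
          registry: ${{ env.CACHE_REGISTRY }}
          username: ${{ github.actor }}
          password: '${{ secrets.GITHUB_TOKEN }}'
      - name: CI tests, image build and push tag for main or branch
        uses: docker/build-push-action@v6
        with:
          push: true
          build-args: |
            APPS_REVISION=${{ env.APPS_REVISION }}
          context: .
          tags: |
            ${{ env.CACHE_REGISTRY }}/${{ env.CACHE_REPO }}:${{ env.TAG }}

  push-to-docker:
    needs: build-test-cache
    # NOTE(review): no `integration` job is defined in this file or listed in
    # `needs`, so the needs.integration.* terms evaluate against empty values
    # and the condition effectively reduces to "build-test-cache succeeded".
    if: always() && ((contains(needs.build-test-cache.result, 'success') && !contains(needs.integration.outputs.started, 'true')) || (contains(needs.integration.result, 'success'))) && !github.event.act && github.actor != 'dependabot[bot]'
    runs-on: ubuntu-22.04
    # This job authenticates with BOT_TOKEN and the Docker Hub password only;
    # it never uses GITHUB_TOKEN, so the token is issued without any scopes.
    permissions: {}
    steps:
      - name: Push to docker hub
        # Secrets reach the script as environment variables and are fed to
        # `docker login` on stdin. Expanding ${{ secrets.* }} inside the
        # script or passing `-p <value>` puts the credential into the script
        # text and the process argument list.
        env:
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          set -euo pipefail
          TAG=${GITHUB_REF##*/}
          printf '%s' "$BOT_TOKEN" | docker login ghcr.io -u "$BOT_USERNAME" --password-stdin
          image="$CACHE_REGISTRY/$CACHE_REPO:$TAG"
          docker pull "$image"
          docker tag "$image" "$REPO:$TAG"
          printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          docker push "$REPO:$TAG"
      - name: Show me the logic
        # Same reasoning as in "Set env": print the ref from the environment
        # rather than splicing ${{ github.ref }} into the script.
        run: |
          echo "github.ref == $GITHUB_REF"

  release:
    needs: push-to-docker
    # `always()` alone would start this job even when push-to-docker failed or
    # was skipped, and the job would then re-tag whatever older image already
    # carries this branch tag as `latest`. The explicit result check ties the
    # release to an image pushed by this run.
    # NOTE(review): startsWith(..., 'refs/heads/main') also matches branches
    # such as `main-foo`; confirm whether an exact comparison is intended.
    if: always() && needs.push-to-docker.result == 'success' && (startsWith(github.ref, 'refs/heads/releases/') || startsWith(github.ref, 'refs/heads/main')) && startsWith(github.event.head_commit.message, 'chore(release)') && !github.event.act
    runs-on: ubuntu-22.04
    # Creating the tag and the GitHub release needs write access to contents
    # and nothing else.
    permissions:
      contents: write
    env:
      # The commit message is attacker-influenced text; it is handed to the
      # script through the environment and only ever used quoted.
      COMMIT_MSG: ${{ github.event.head_commit.message }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set env
        run: |
          git config --global user.email "$BOT_EMAIL"
          git config --global user.name "$BOT_USERNAME"
      - name: Create and push git tag
        id: git_tag
        env:
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          set -euo pipefail
          TAG=${GITHUB_REF##*/}
          printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          docker pull "$REPO:$TAG"
          docker tag "$REPO:$TAG" "$REPO:latest"
          docker push "$REPO:latest"
          release_tag="v$(jq -r '.version' < package.json)"
          echo "tag=$release_tag" >> "$GITHUB_OUTPUT"
          echo "Releasing $REPO:$release_tag"
          docker tag "$REPO:$TAG" "$REPO:$release_tag"
          docker push "$REPO:$release_tag"
          printf '%s' "$BOT_TOKEN" | docker login -u "$BOT_USERNAME" --password-stdin ghcr.io
          docker tag "$REPO:$TAG" "$CACHE_REGISTRY/$CACHE_REPO:$release_tag"
          docker push "$CACHE_REGISTRY/$CACHE_REPO:$release_tag"
          # The bot token is written to ~/.netrc only for the git push below:
          # the file is created owner-only and removed when the step exits, so
          # the third-party release action that runs next cannot read it.
          netrc="$HOME/.netrc"
          trap 'rm -f "$netrc"' EXIT
          ( umask 077; printf 'machine github.com login %s password %s\n' "$BOT_USERNAME" "$BOT_TOKEN" > "$netrc" )
          # Run as two commands: in `a && b` a failure of `a` does not trip
          # `set -e`, so a failed `git tag` would have been skipped silently.
          git tag -am "$COMMIT_MSG" "$release_tag"
          git push --follow-tags
          # Keep CHANGELOG.md only up to the first line matching
          # "### \[[0-9]*" (three #, a space, an opening square bracket and
          # digits), i.e. stop at the first version heading of that form.
          sed -n '/### \[[0-9]*/q;p' CHANGELOG.md > NEW_CHANGELOG.md
      - name: Create GitHub release
        uses: ncipollo/release-action@v1.20.0
        with:
          # Passed as the action's `token` input; an env var named `token`
          # is not how action inputs are supplied.
          token: ${{ secrets.GITHUB_TOKEN }}
          tag: ${{ steps.git_tag.outputs.tag }}
          name: Release ${{ steps.git_tag.outputs.tag }}
          bodyFile: 'NEW_CHANGELOG.md'
          generateReleaseNotes: true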