v4.2.3 #27
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Production deploy | |
on: | |
release: | |
types: [published] | |
jobs: | |
deploy-and-tarball: | |
name: Netlify deploy and tarball | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/[email protected] | |
- name: Setup node | |
uses: actions/[email protected] | |
with: | |
node-version: 20.12.2 | |
cache: 'npm' | |
- name: Install dependencies | |
run: npm ci | |
- name: Build app | |
env: | |
NODE_OPTIONS: '--max_old_space_size=4096' | |
run: npm run build | |
- name: Deploy to Netlify | |
uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 | |
with: | |
publish-dir: dist | |
deploy-message: 'Prod deploy ${{ github.ref_name }}' | |
enable-commit-comment: false | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
production-deploy: true | |
github-deployment-environment: stable | |
github-deployment-description: 'Stable deployment on each release' | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID_APP }} | |
timeout-minutes: 1 | |
- name: Get version from tag | |
id: vars | |
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
- name: Create tar.gz | |
run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist | |
- name: Sign tar.gz | |
run: | | |
echo '${{ secrets.GNUPG_KEY }}' | gpg --batch --import | |
# Sadly a few lines in the private key match a few lines in the public key, | |
# As a result just --export --armor gives us a few lines replaced with *** | |
# making it useless for importing the signing key. Instead, we dump it as | |
# non-armored and hex-encode it so that its printable. | |
echo "PGP Signing key, in raw PGP format in hex. Import with cat ... | xxd -r -p - | gpg --import" | |
gpg --export | xxd -p | |
echo '${{ secrets.GNUPG_PASSPHRASE }}' | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --armor --detach-sign cinny-${{ steps.vars.outputs.tag }}.tar.gz | |
- name: Upload tagged release | |
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 | |
with: | |
files: | | |
cinny-${{ steps.vars.outputs.tag }}.tar.gz | |
cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc | |
publish-image: | |
name: Push Docker image to Docker Hub, ghcr | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/[email protected] | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Login to Docker Hub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to the Container registry | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/[email protected] | |
with: | |
images: | | |
${{ secrets.DOCKER_USERNAME }}/cinny | |
ghcr.io/${{ github.repository }} | |
- name: Build and push Docker image | |
uses: docker/[email protected] | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |