New pipeline

.github/workflows/ci.yml

@@ -13,6 +13,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   tests:
     name: Tests
@@ -57,17 +61,62 @@ jobs:
         run: docker compose exec -T php vendor/bin/phpunit
       - name: Doctrine Schema Validator
         run: docker compose exec -T php bin/console -e test doctrine:schema:validate
-  deploy:
-    name: Deploy
+  
+  build-deploy:
+    name: Build and deploy to ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }}
     environment:
       name: ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }}
       url: ${{ vars.URL }}
     needs: tests
     runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/')
+    if: (github.ref == 'refs/heads/main' && false) || startsWith(github.ref, 'refs/tags/')
     steps:
-      - shell: bash
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        run: |
+          REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            TAG="${GITHUB_REF#refs/tags/}"
+            {
+              echo "tag=$TAG"
+              echo "full_name=ghcr.io/${REPO_LOWER}:$TAG"
+            } >> "$GITHUB_OUTPUT"
+          else
+            SHORT_SHA=$(git rev-parse --short HEAD)
+            {
+              echo "tag=$SHORT_SHA"
+              echo "full_name=ghcr.io/${REPO_LOWER}:$SHORT_SHA"
+            } >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Build and Push Docker images
+        uses: docker/bake-action@v5
+        with:
+          pull: true
+          push: true
+          files: |
+            compose.yaml
+            compose.build.yaml
+          set: |
+            *.cache-from=type=gha,scope=${{github.ref}}
+            *.cache-from=type=gha,scope=refs/heads/main
+            *.cache-to=type=gha,scope=${{github.ref}},mode=max
+            *.tags=${{ steps.meta.outputs.full_name }}
+
+      - name: Trigger Portainer Deployment
+        shell: bash
         env:
           PORTAINER_WEBHOOK: ${{secrets.PORTAINER_WEBHOOK}}
         run: |
-          curl -v -X POST "$PORTAINER_WEBHOOK"
+          curl -v -X POST "$PORTAINER_WEBHOOK"?IMAGE_TAG=${{steps.meta.outputs.tag}} --fail-with-body

compose.build.yaml

@@ -0,0 +1,5 @@
+services:
+  php:
+    build:
+      context: .
+      target: frankenphp_prod

compose.prod.yaml

@@ -1,9 +1,7 @@
 # Production environment override
 services:
   php:
-    build:
-      context: .
-      target: frankenphp_prod
+    image: ghcr.io/marijndoeve/tijdvoordetest:${IMAGE_TAG}
     environment:
       APP_SECRET: ${APP_SECRET}
       MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}