From ee1a15ee78d922a99c563e975d427380e21fceea Mon Sep 17 00:00:00 2001 From: Marijn Doeve Date: Mon, 20 Oct 2025 23:41:29 +0200 Subject: [PATCH] New pipeline --- .github/workflows/ci.yml | 59 ++++++++++++++++++++++++++++++++++++---- compose.build.yaml | 5 ++++ compose.prod.yaml | 4 +-- 3 files changed, 60 insertions(+), 8 deletions(-) create mode 100644 compose.build.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a55d77c..0034028 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,10 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + packages: write + jobs: tests: name: Tests 
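Review bot: The new top-level `permissions:` block applies to every job in the workflow, so `tests` also receives a token with `packages: write`, although the steps visible in this patch only run PHPUnit and the Doctrine schema check. Keeping `contents: read` at the top level and granting the write scope only where images are pushed would narrow this, with a job-level `permissions: { contents: read, packages: write }` under `build-deploy`. A job-level block replaces the workflow-level one rather than merging with it, which is why `contents: read` is repeated there. Most of the `tests` job lies outside this hunk, so confirm that nothing in it pushes to the registry before moving the scope.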
@@ -57,17 +61,62 @@ jobs: run: docker compose exec -T php vendor/bin/phpunit - name: Doctrine Schema Validator run: docker compose exec -T php bin/console -e test doctrine:schema:validate - deploy: - name: Deploy + + build-deploy: + name: Build and deploy to ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }} environment: name: ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }} url: ${{ vars.URL }} needs: tests runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/') + if: (github.ref == 'refs/heads/main' && false) || startsWith(github.ref, 'refs/tags/') steps: - - shell: bash + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + run: | + REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') + if [[ "${{ github.ref }}" == refs/tags/* ]]; then + TAG="${GITHUB_REF#refs/tags/}" + { + echo "tag=$TAG" + echo "full_name=ghcr.io/${REPO_LOWER}:$TAG" + } >> "$GITHUB_OUTPUT" + else + SHORT_SHA=$(git rev-parse --short HEAD) + { + echo "tag=$SHORT_SHA" + echo "full_name=ghcr.io/${REPO_LOWER}:$SHORT_SHA" + } >> "$GITHUB_OUTPUT" + fi + + - name: Build and Push Docker images + uses: docker/bake-action@v5 + with: + pull: true + push: true + files: | + compose.yaml + compose.build.yaml + set: | + *.cache-from=type=gha,scope=${{github.ref}} + *.cache-from=type=gha,scope=refs/heads/main + *.cache-to=type=gha,scope=${{github.ref}},mode=max + *.tags=${{ steps.meta.outputs.full_name }} + + - name: Trigger Portainer Deployment + shell: bash env: PORTAINER_WEBHOOK: ${{secrets.PORTAINER_WEBHOOK}} run: | - curl -v -X POST "$PORTAINER_WEBHOOK" + curl -v 
-X POST "$PORTAINER_WEBHOOK"?IMAGE_TAG=${{steps.meta.outputs.tag}} --fail-with-body diff --git a/compose.build.yaml b/compose.build.yaml new file mode 100644 index 0000000..c595020 --- /dev/null +++ b/compose.build.yaml @@ -0,0 +1,5 @@ +services: + php: + build: + context: . + target: frankenphp_prod diff --git a/compose.prod.yaml b/compose.prod.yaml index 35820d5..1907314 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -1,9 +1,7 @@ # Production environment override services: php: - build: - context: . - target: frankenphp_prod + image: ghcr.io/marijndoeve/tijdvoordetest:${IMAGE_TAG} environment: APP_SECRET: ${APP_SECRET} MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
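Review bot: The `Extract metadata` script and the final `curl` line paste `${{ github.repository }}`, `${{ github.ref }}` and `${{ steps.meta.outputs.tag }}` into the bash source before the shell parses it, so a tag name containing shell metacharacters would be parsed as script in a job that holds `packages: write` and the Portainer webhook secret. The script already reads `$GITHUB_REF` one line later; using the runner's environment variables throughout, and passing the tag to the last step through `env:`, keeps ref-derived text as data, as in the excerpt below. The excerpt also drops `-v`: curl's verbose output prints the request path separately from the host, and log masking most likely matches only the complete secret value, so the webhook path could appear in the job log. Separately, the `uses:` references in this job are mutable tags (`@v4`, `@v3`, `@v5`); pinning them to full commit SHAs would stop an upstream retag from changing what runs with these credentials.

```yaml
      - name: Extract metadata
        # … unchanged: id: meta …
        run: |
          REPO_LOWER=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')
          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
          # … unchanged: tag and full_name written to "$GITHUB_OUTPUT" in both branches …

      # … unchanged: Build and Push Docker images …

      - name: Trigger Portainer Deployment
        # … unchanged: shell: bash …
        env:
          PORTAINER_WEBHOOK: ${{secrets.PORTAINER_WEBHOOK}}
          IMAGE_TAG: ${{ steps.meta.outputs.tag }}
        run: |
          curl --fail-with-body -X POST "${PORTAINER_WEBHOOK}?IMAGE_TAG=${IMAGE_TAG}"
```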
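Review bot: The new `compose.build.yaml` has no header comment, unlike `compose.prod.yaml`, which opens with `# Production environment override`, so nothing in the file says it is only an input to the CI bake step. A first line such as `# Build override: merged with compose.yaml by docker/bake-action in CI; not used at runtime` would make that clear. Because `context: .` now feeds an image that is pushed to ghcr.io rather than built on the deployment host, it is also worth confirming that `.dockerignore` (not shown in this patch) keeps `.git` and local env files out of the build context.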
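Review bot: `${IMAGE_TAG}` on the new `image:` line has no required-value guard, so a deployment triggered without the variable interpolates an empty tag and fails late, or in a way that depends on how the stack is invoked. Making the requirement explicit gives a clear error at that point: `image: ghcr.io/marijndoeve/tijdvoordetest:${IMAGE_TAG:?IMAGE_TAG must be set}`. The value appears to arrive through the webhook query string added in `ci.yml`, and registry tags can be re-pushed, so whoever can call the webhook or write to the package decides what runs. Deploying by digest, or at least restricting who can push to the package, would tighten that. The repository path is also hard-coded here, while the workflow derives it from `github.repository`, so a rename would leave the two out of step. The `php` service mapping continues past the end of this hunk.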