|
| 1 | +name: Build and Push Docker Image |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + bump_type: |
| 7 | + description: 'Version bump type (patch, minor, major)' |
| 8 | + required: true |
| 9 | + default: 'patch' |
| 10 | + type: choice |
| 11 | + options: |
| 12 | + - patch |
| 13 | + - minor |
| 14 | + - major |
| 15 | + branch: |
| 16 | + description: 'Branch to tag (leave empty for default branch)' |
| 17 | + required: false |
| 18 | + default: '' |
| 19 | + |
| 20 | +permissions: |
| 21 | + contents: write # Needed for pushing tags |
| 22 | + packages: write # Needed for pushing docker images to GHCR |
| 23 | + |
| 24 | +jobs: |
| 25 | + tag_release: |
| 26 | + runs-on: ubuntu-latest |
| 27 | + outputs: |
| 28 | + # Define output to pass the tag to the next job |
| 29 | + new_tag: ${{ steps.tag_version.outputs.next_version }} |
| 30 | + steps: |
| 31 | + - name: Checkout code |
| 32 | + uses: actions/checkout@v4 |
| 33 | + with: |
| 34 | + # Fetch all history and tags to find the latest SemVer tag |
| 35 | + fetch-depth: 0 |
| 36 | + # Checkout the specific branch if provided, otherwise default |
| 37 | + ref: ${{ github.event.inputs.branch }} |
| 38 | + # Token needed to push tags back |
| 39 | + token: ${{ secrets.GITHUB_TOKEN }} |
| 40 | + |
| 41 | + - name: Get latest SemVer tag and calculate next version |
| 42 | + id: tag_version |
| 43 | + run: | |
| 44 | + # Fetch all tags from remote just in case |
| 45 | + git fetch --tags |
| 46 | +
|
| 47 | + # Get the latest SemVer tag (handles vX.Y.Z pattern) |
| 48 | + # Filters tags, sorts them version-aware, takes the last one |
| 49 | + LATEST_TAG=$(git tag --list 'v[0-9]*.[0-9]*.[0-9]*' --sort='v:refname' | tail -n 1) |
| 50 | +
|
| 51 | + if [ -z "$LATEST_TAG" ]; then |
| 52 | + echo "No previous SemVer tag found. Starting with v0.1.0" |
| 53 | + # Determine initial version based on bump type (optional, v0.1.0 is often fine) |
| 54 | + case "${{ github.event.inputs.bump_type }}" in |
| 55 | + patch|minor) |
| 56 | + NEXT_VERSION="v0.1.0" |
| 57 | + ;; |
| 58 | + major) |
| 59 | + NEXT_VERSION="v1.0.0" |
| 60 | + ;; |
| 61 | + *) # Should not happen due to 'choice' input, but good practice |
| 62 | + echo "Invalid bump type: ${{ github.event.inputs.bump_type }}" |
| 63 | + exit 1 |
| 64 | + ;; |
| 65 | + esac |
| 66 | + else |
| 67 | + echo "Latest tag found: $LATEST_TAG" |
| 68 | + # Remove 'v' prefix for calculation |
| 69 | + VERSION=${LATEST_TAG#v} |
| 70 | +
|
| 71 | + # Split into parts |
| 72 | + MAJOR=$(echo $VERSION | cut -d. -f1) |
| 73 | + MINOR=$(echo $VERSION | cut -d. -f2) |
| 74 | + PATCH=$(echo $VERSION | cut -d. -f3) |
| 75 | +
|
| 76 | + # Bump version based on input |
| 77 | + case "${{ github.event.inputs.bump_type }}" in |
| 78 | + patch) |
| 79 | + PATCH=$((PATCH + 1)) |
| 80 | + ;; |
| 81 | + minor) |
| 82 | + MINOR=$((MINOR + 1)) |
| 83 | + PATCH=0 |
| 84 | + ;; |
| 85 | + major) |
| 86 | + MAJOR=$((MAJOR + 1)) |
| 87 | + MINOR=0 |
| 88 | + PATCH=0 |
| 89 | + ;; |
| 90 | + *) |
| 91 | + echo "Invalid bump type: ${{ github.event.inputs.bump_type }}" |
| 92 | + exit 1 |
| 93 | + ;; |
| 94 | + esac |
| 95 | + NEXT_VERSION="v${MAJOR}.${MINOR}.${PATCH}" |
| 96 | + fi |
| 97 | +
|
| 98 | + echo "Calculated next version: $NEXT_VERSION" |
| 99 | + # Set output for subsequent steps |
| 100 | + echo "next_version=$NEXT_VERSION" >> $GITHUB_OUTPUT |
| 101 | +
|
| 102 | + - name: Create and Push Tag |
| 103 | + run: | |
| 104 | + # Configure Git user identity for annotated tag (FIX) |
| 105 | + git config --global user.name 'github-actions[bot]' |
| 106 | + git config --global user.email 'github-actions[bot]@users.noreply.github.com' |
| 107 | +
|
| 108 | + NEXT_TAG="${{ steps.tag_version.outputs.next_version }}" |
| 109 | + COMMIT_SHA=$(git rev-parse HEAD) |
| 110 | + echo "Tagging commit $COMMIT_SHA with $NEXT_TAG" |
| 111 | +
|
| 112 | + # Create an annotated tag (recommended) - this requires user.name/email |
| 113 | + git tag -a "$NEXT_TAG" -m "Release $NEXT_TAG" |
| 114 | +
|
| 115 | + # Push the tag to the remote repository |
| 116 | + echo "Pushing tag $NEXT_TAG to origin" |
| 117 | + git push origin "$NEXT_TAG" |
| 118 | +
|
| 119 | + - name: Verify Tag Push |
| 120 | + run: | |
| 121 | + echo "Checking if tag ${{ steps.tag_version.outputs.next_version }} exists remotely..." |
| 122 | + # Give remote a second to update |
| 123 | + sleep 5 |
| 124 | + git ls-remote --tags origin | grep "refs/tags/${{ steps.tag_version.outputs.next_version }}" || (echo "Tag push verification failed!" && exit 1) |
| 125 | + echo "Tag successfully pushed." |
| 126 | +
|
| 127 | + build_and_push_docker_image: |
| 128 | + runs-on: ubuntu-latest |
| 129 | + needs: tag_release # Depends on the tag being created successfully |
| 130 | + permissions: |
| 131 | + packages: write # Need permission to write to GHCR |
| 132 | + contents: read # Need permission to read repo contents (checkout) |
| 133 | + |
| 134 | + steps: |
| 135 | + - name: Checkout code |
| 136 | + uses: actions/checkout@v4 |
| 137 | + |
| 138 | + - name: Login to GitHub Container Registry |
| 139 | + uses: docker/login-action@v3 |
| 140 | + with: |
| 141 | + registry: ghcr.io |
| 142 | + username: ${{ github.repository_owner }} |
| 143 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 144 | + |
| 145 | + - name: Set up Docker Buildx |
| 146 | + uses: docker/setup-buildx-action@v3 |
| 147 | + |
| 148 | + - name: Extract metadata (tags, labels) for Docker build |
| 149 | + id: meta |
| 150 | + uses: docker/metadata-action@v5 |
| 151 | + with: |
| 152 | + images: ghcr.io/${{ github.repository_owner }}/surfsense_backend |
| 153 | + tags: | |
| 154 | + # Use the tag generated in the previous job |
| 155 | + type=raw,value=${{ needs.tag_release.outputs.new_tag }} |
| 156 | + # Optionally add 'latest' tag if building from the default branch |
| 157 | + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event.inputs.branch == github.event.repository.default_branch }} |
| 158 | +
|
| 159 | + - name: Build and push Docker image |
| 160 | + uses: docker/build-push-action@v5 |
| 161 | + with: |
| 162 | + context: ./surfsense_backend |
| 163 | + push: true |
| 164 | + tags: ${{ steps.meta.outputs.tags }} |
| 165 | + labels: ${{ steps.meta.outputs.labels }} |
| 166 | + # Optional: Add build cache for faster builds |
| 167 | + cache-from: type=gha |
| 168 | + cache-to: type=gha,mode=max |
0 commit comments