v4.0.0 #20
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Production deploy | |
on: | |
release: | |
types: [published] | |
jobs: | |
deploy-and-tarball: | |
name: Netlify deploy and tarball | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4.1.7 | |
- name: Setup node | |
uses: actions/setup-node@v4.0.3 | |
with: | |
node-version: 20.12.2 | |
cache: 'npm' | |
- name: Install dependencies | |
run: npm ci | |
- name: Build app | |
env: | |
NODE_OPTIONS: '--max_old_space_size=4096' | |
run: npm run build | |
- name: Deploy to Netlify | |
uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 | |
with: | |
publish-dir: dist | |
deploy-message: 'Prod deploy ${{ github.ref_name }}' | |
enable-commit-comment: false | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
production-deploy: true | |
github-deployment-environment: stable | |
github-deployment-description: 'Stable deployment on each release' | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID_APP }} | |
timeout-minutes: 1 | |
- name: Get version from tag | |
id: vars | |
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
- name: Create tar.gz | |
run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist | |
- name: Sign tar.gz | |
run: | | |
echo '${{ secrets.GNUPG_KEY }}' | gpg --batch --import | |
# Sadly a few lines in the private key match a few lines in the public key, | |
# As a result just --export --armor gives us a few lines replaced with *** | |
# making it useless for importing the signing key. Instead, we dump it as | |
# non-armored and hex-encode it so that its printable. | |
echo "PGP Signing key, in raw PGP format in hex. Import with cat ... | xxd -r -p - | gpg --import" | |
gpg --export | xxd -p | |
echo '${{ secrets.GNUPG_PASSPHRASE }}' | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --armor --detach-sign cinny-${{ steps.vars.outputs.tag }}.tar.gz | |
- name: Upload tagged release | |
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 | |
with: | |
files: | | |
cinny-${{ steps.vars.outputs.tag }}.tar.gz | |
cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc | |
publish-image: | |
name: Push Docker image to Docker Hub, ghcr | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4.1.7 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.5.0 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3.3.0 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to the Container registry | |
uses: docker/login-action@v3.3.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5.5.1 | |
with: | |
images: | | |
${{ secrets.DOCKER_USERNAME }}/cinny | |
ghcr.io/${{ github.repository }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6.5.0 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |