chore(deps): lock file maintenance node dependencies #1086
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy Docker images | |
| on: | |
| workflow_call: | |
| inputs: | |
| release-version: | |
| required: true | |
| type: string | |
| push: | |
| branches: | |
| - master | |
| paths: | |
| - 'graphql/**' | |
| - 'front/**' | |
| - 'export/**' | |
| - '.github/workflows/docker.yml' | |
| - 'docker-compose.yaml' | |
| - 'stylo-example.env' | |
| pull_request: | |
| paths: | |
| - 'graphql/**' | |
| - 'front/**' | |
| - 'export/**' | |
| - '.github/workflows/docker.yml' | |
| - 'docker-compose.yaml' | |
| - 'stylo-example.env' | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| app: [front-stylo, graphql-stylo, export-stylo] | |
| # A couple of things need to be done to perform an automated push of Stylo Docker images on GitHub | |
| # 1. For each Stylo "Package" in EcrituresNumeriques, add People or Teams and set their access (Read, Write or Admin) | |
| # 2. Each Package needs to be "linked" to a GitHub Repository | |
| # 3. Each Actions need to explictely request Permissions (see below) so as the GITHUB_TOKEN is granted permissions to write/push in GitHub Container Registry (ghcr.io) | |
| # | |
| # Read more in this in-depth explainer: https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio | |
| # And this conversation too https://github.com/orgs/community/discussions/26274#discussioncomment-3251137 | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| TAG: ${{ inputs.release-version || 'latest' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ (inputs.release-version && format('v{0}', inputs.release-version)) || github.ref }} | |
| submodules: true | |
| - uses: docker/setup-buildx-action@v3 | |
| - run: cp stylo-example.env stylo.env | |
| # Needed to expose ACTIONS_CACHE_URL and ACTIONS_RUNTIME_URL variables | |
| # Which are unreachable outside of an action context | |
| - uses: crazy-max/ghaction-github-runtime@v3 | |
| # https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from | |
| # https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to | |
| # https://docs.docker.com/build/ci/github-actions/examples/#github-cache | |
| # https://docs.docker.com/build/bake/compose-file/ | |
| # buildx bake `--cache-from=type=gha` somewhat assumes Docker Hub is the registry, even though the image name tells it otherwise | |
| # hence the repeated `--set` flags | |
| # it could be better by factoring `--set` options | |
| - name: Build images | |
| run: | | |
| docker buildx bake -f docker-compose.yaml \ | |
| --set '*.platform=linux/amd64' \ | |
| --load --pull ${{ matrix.app }} | |
| - name: Login to GitHub Container Registry ghcr.io | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - if: ${{ github.ref_type == 'tag' || github.ref_name == 'master' || github.ref_name == 'main' }} | |
| name: Push images (on tag, or default branch) | |
| run: docker buildx bake -f docker-compose.yaml --push ${{ matrix.app }} |