
Commit dfb9c56

committed
📦 new: add release workflow
1 parent 00ff5ce commit dfb9c56


1 file changed

+135
-0
lines changed

Lines changed: 135 additions & 0 deletions
@@ -0,0 +1,135 @@
1+
name: Release
2+
3+
on:
4+
release:
5+
types: [published]
6+
7+
env:
8+
REGISTRY_DOCKERHUB: wgtechlabs/unthread-webhook-server
9+
REGISTRY_GHCR: ghcr.io/wgtechlabs/unthread-webhook-server
10+
11+
jobs:
12+
build-production:
13+
name: Build Production Images
14+
runs-on: ubuntu-latest
15+
if: startsWith(github.ref, 'refs/tags/')
16+
17+
steps:
18+
- name: Checkout code
19+
uses: actions/checkout@v4
20+
21+
- name: Setup Docker Buildx
22+
uses: docker/setup-buildx-action@v3
23+
with:
24+
driver: cloud
25+
endpoint: "wgtechlabs/unthread-bot-builder"
26+
install: true
27+
28+
- name: Login to Docker Hub
29+
uses: docker/login-action@v3
30+
with:
31+
username: ${{ secrets.DOCKER_HUB_USERNAME }}
32+
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
33+
34+
- name: Login to GitHub Container Registry
35+
uses: docker/login-action@v3
36+
with:
37+
registry: ghcr.io
38+
username: ${{ github.actor }}
39+
password: ${{ secrets.GITHUB_TOKEN }}
40+
41+
- name: Extract version from package.json
42+
id: version
43+
run: |
44+
VERSION=$(node -p "require('./package.json').version")
45+
echo "version=$VERSION" >> $GITHUB_OUTPUT
46+
echo "major=$(echo $VERSION | cut -d. -f1)" >> $GITHUB_OUTPUT
47+
echo "minor=$(echo $VERSION | cut -d. -f1-2)" >> $GITHUB_OUTPUT
48+
echo "patch=$(echo $VERSION | cut -d. -f1-3)" >> $GITHUB_OUTPUT
49+
echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
50+
51+
- name: Generate Docker tags
52+
id: tags
53+
run: |
54+
VERSION="${{ steps.version.outputs.version }}"
55+
MAJOR="${{ steps.version.outputs.major }}"
56+
MINOR="${{ steps.version.outputs.minor }}"
57+
PATCH="${{ steps.version.outputs.patch }}"
58+
59+
# Docker Hub tags (no 'v' prefix)
60+
DOCKERHUB_TAGS="${{ env.REGISTRY_DOCKERHUB }}:latest"
61+
DOCKERHUB_TAGS="$DOCKERHUB_TAGS,${{ env.REGISTRY_DOCKERHUB }}:$VERSION"
62+
DOCKERHUB_TAGS="$DOCKERHUB_TAGS,${{ env.REGISTRY_DOCKERHUB }}:$PATCH"
63+
DOCKERHUB_TAGS="$DOCKERHUB_TAGS,${{ env.REGISTRY_DOCKERHUB }}:$MINOR"
64+
DOCKERHUB_TAGS="$DOCKERHUB_TAGS,${{ env.REGISTRY_DOCKERHUB }}:$MAJOR"
65+
66+
# GitHub Container Registry tags (with 'v' prefix)
67+
GHCR_TAGS="${{ env.REGISTRY_GHCR }}:latest"
68+
GHCR_TAGS="$GHCR_TAGS,${{ env.REGISTRY_GHCR }}:v$VERSION"
69+
GHCR_TAGS="$GHCR_TAGS,${{ env.REGISTRY_GHCR }}:v$PATCH"
70+
GHCR_TAGS="$GHCR_TAGS,${{ env.REGISTRY_GHCR }}:v$MINOR"
71+
GHCR_TAGS="$GHCR_TAGS,${{ env.REGISTRY_GHCR }}:v$MAJOR"
72+
73+
# Combine all tags
74+
ALL_TAGS="$DOCKERHUB_TAGS,$GHCR_TAGS"
75+
76+
echo "tags=$ALL_TAGS" >> $GITHUB_OUTPUT
77+
78+
- name: Build and push production images
79+
uses: docker/build-push-action@v5
80+
with:
81+
context: .
82+
push: true
83+
platforms: linux/amd64,linux/arm64
84+
tags: ${{ steps.tags.outputs.tags }}
85+
labels: |
86+
org.opencontainers.image.title=Unthread Webhook Server
87+
org.opencontainers.image.description=A Node.js server application that receives webhook events from Unthread.io
88+
org.opencontainers.image.version=${{ steps.version.outputs.version }}
89+
org.opencontainers.image.created=${{ steps.version.outputs.build_date }}
90+
org.opencontainers.image.revision=${{ github.sha }}
91+
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
92+
org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
93+
org.opencontainers.image.licenses=GPL-3.0
94+
cache-from: type=gha
95+
cache-to: type=gha,mode=max
96+
97+
- name: Run Trivy vulnerability scanner
98+
uses: aquasecurity/[email protected]
99+
with:
100+
image-ref: ${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.version }}
101+
format: 'sarif'
102+
output: 'trivy-results.sarif'
103+
104+
- name: Upload Trivy scan results to GitHub Security tab
105+
uses: github/codeql-action/upload-sarif@v3
106+
if: always()
107+
with:
108+
sarif_file: 'trivy-results.sarif'
109+
110+
- name: Production release summary
111+
run: |
112+
echo "## 🚀 Production Release Complete" >> $GITHUB_STEP_SUMMARY
113+
echo "**Version:** \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
114+
echo "**Release:** \`${{ github.event.release.tag_name }}\`" >> $GITHUB_STEP_SUMMARY
115+
echo "" >> $GITHUB_STEP_SUMMARY
116+
echo "**Docker Hub Images:**" >> $GITHUB_STEP_SUMMARY
117+
echo "- \`${{ env.REGISTRY_DOCKERHUB }}:latest\`" >> $GITHUB_STEP_SUMMARY
118+
echo "- \`${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
119+
echo "- \`${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.patch }}\`" >> $GITHUB_STEP_SUMMARY
120+
echo "- \`${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.minor }}\`" >> $GITHUB_STEP_SUMMARY
121+
echo "- \`${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.major }}\`" >> $GITHUB_STEP_SUMMARY
122+
echo "" >> $GITHUB_STEP_SUMMARY
123+
echo "**GitHub Container Registry Images:**" >> $GITHUB_STEP_SUMMARY
124+
echo "- \`${{ env.REGISTRY_GHCR }}:latest\`" >> $GITHUB_STEP_SUMMARY
125+
echo "- \`${{ env.REGISTRY_GHCR }}:v${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
126+
echo "- \`${{ env.REGISTRY_GHCR }}:v${{ steps.version.outputs.patch }}\`" >> $GITHUB_STEP_SUMMARY
127+
echo "- \`${{ env.REGISTRY_GHCR }}:v${{ steps.version.outputs.minor }}\`" >> $GITHUB_STEP_SUMMARY
128+
echo "- \`${{ env.REGISTRY_GHCR }}:v${{ steps.version.outputs.major }}\`" >> $GITHUB_STEP_SUMMARY
129+
echo "" >> $GITHUB_STEP_SUMMARY
130+
echo "**Deploy with:**" >> $GITHUB_STEP_SUMMARY
131+
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
132+
echo "docker pull ${{ env.REGISTRY_DOCKERHUB }}:latest" >> $GITHUB_STEP_SUMMARY
133+
echo "# OR" >> $GITHUB_STEP_SUMMARY
134+
echo "docker pull ${{ env.REGISTRY_GHCR }}:latest" >> $GITHUB_STEP_SUMMARY
135+
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
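Review bot: The `build-production` job pushes to ghcr.io and uploads SARIF with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so the token's scope is whatever the repository default happens to be; a job-level block granting only read access to contents plus write access to packages and security events would make it explicit and least-privilege. The same job holds `DOCKER_HUB_ACCESS_TOKEN` while its `uses:` lines reference mutable tags (`@v4`, `@v3`, `@v5`; the Trivy reference is garbled on this page), so pinning each action to a full commit SHA would keep a retagged action from running with those credentials. The Trivy step runs after `push: true` and sets no `exit-code`, so as written it reports on an image already published under `latest` rather than gating the release. In the summary step, `${{ github.event.release.tag_name }}` is expanded directly into the `run:` script; passing it through `env:` and echoing the shell variable keeps the tag name from being treated as script text.

```yaml
  build-production:
    # … unchanged: name, runs-on, if …
    permissions:
      contents: read
      packages: write
      security-events: write
    # … unchanged: steps up to the summary step …
      - name: Production release summary
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          # … unchanged: other summary lines …
          echo "**Release:** \`$RELEASE_TAG\`" >> $GITHUB_STEP_SUMMARY
```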
