Emma Thorpe
86f14ad68a
Add path filters so the workflow runs only when the Dockerfile, nginx config, site assets or .dockerignore change. CI-config, Renovate-config and docs changes (such as a Renovate bump of a CI action) no longer trigger a build or release. workflow_dispatch is added for manual runs after pipeline changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
154 lines
5.1 KiB
YAML
154 lines
5.1 KiB
YAML
name: Build and publish container
|
|
|
|
# Only run when files that affect the built image change. Updates to CI
|
|
# config, Renovate config, or docs (e.g. a Renovate bump of the checkout
|
|
# action) do not change the image and so do not trigger a build or release.
|
|
# Use workflow_dispatch to run manually after a pipeline change.
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'Dockerfile'
|
|
- 'default.conf'
|
|
- 'index.html'
|
|
- 'styles.css'
|
|
- 'script.js'
|
|
- 'messages.js'
|
|
- '.dockerignore'
|
|
pull_request:
|
|
branches: [main]
|
|
paths:
|
|
- 'Dockerfile'
|
|
- 'default.conf'
|
|
- 'index.html'
|
|
- 'styles.css'
|
|
- 'script.js'
|
|
- 'messages.js'
|
|
- '.dockerignore'
|
|
workflow_dispatch:
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# Full history and tags are required to derive the next version
|
|
# from the conventional-commit messages since the last release.
|
|
fetch-depth: 0
|
|
|
|
- name: Determine registry host
|
|
run: echo "REGISTRY=${GITHUB_SERVER_URL#*://}" >> "$GITHUB_ENV"
|
|
|
|
# Derive the release version from conventional commits since the last
|
|
# v* tag: feat -> minor, fix/perf -> patch, ! or BREAKING CHANGE -> major.
|
|
# Anything else (chore, ci, docs, build) produces no release; those builds
|
|
# are published under a sha-<short> tag only.
|
|
- name: Compute version and image tags
|
|
id: version
|
|
run: |
|
|
set -euo pipefail
|
|
image="${REGISTRY}/${GITHUB_REPOSITORY,,}"
|
|
|
|
last_tag="$(git tag --list 'v*' --sort=-v:refname | head -n1 || true)"
|
|
if [ -n "$last_tag" ]; then
|
|
range="${last_tag}..HEAD"
|
|
base="${last_tag#v}"
|
|
else
|
|
range=""
|
|
base="0.0.0"
|
|
fi
|
|
|
|
subjects="$(git log ${range} --format='%s')"
|
|
bodies="$(git log ${range} --format='%B')"
|
|
|
|
bump="none"
|
|
if printf '%s\n' "$bodies" | grep -qiE 'BREAKING[ -]CHANGE' \
|
|
|| printf '%s\n' "$subjects" | grep -qE '^[a-z]+([(][^)]*[)])?!:'; then
|
|
bump="major"
|
|
elif printf '%s\n' "$subjects" | grep -qE '^feat([(][^)]*[)])?:'; then
|
|
bump="minor"
|
|
elif printf '%s\n' "$subjects" | grep -qE '^(fix|perf)([(][^)]*[)])?:'; then
|
|
bump="patch"
|
|
fi
|
|
|
|
major="${base%%.*}"
|
|
rest="${base#*.}"
|
|
minor="${rest%%.*}"
|
|
patch="${rest##*.}"
|
|
|
|
release="false"
|
|
if [ "${GITHUB_EVENT_NAME}" = "push" ] && [ "$bump" != "none" ]; then
|
|
release="true"
|
|
case "$bump" in
|
|
major) major=$((major + 1)); minor=0; patch=0 ;;
|
|
minor) minor=$((minor + 1)); patch=0 ;;
|
|
patch) patch=$((patch + 1)) ;;
|
|
esac
|
|
version="${major}.${minor}.${patch}"
|
|
{
|
|
echo "tags<<__EOT__"
|
|
echo "${image}:${version}"
|
|
echo "${image}:${major}.${minor}"
|
|
echo "${image}:${major}"
|
|
echo "${image}:latest"
|
|
echo "__EOT__"
|
|
} >> "$GITHUB_OUTPUT"
|
|
echo "version=${version}" >> "$GITHUB_OUTPUT"
|
|
else
|
|
short="$(git rev-parse --short HEAD)"
|
|
{
|
|
echo "tags<<__EOT__"
|
|
echo "${image}:sha-${short}"
|
|
echo "__EOT__"
|
|
} >> "$GITHUB_OUTPUT"
|
|
fi
|
|
echo "release=${release}" >> "$GITHUB_OUTPUT"
|
|
echo "Computed bump=${bump}, release=${release}, base=${base}"
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set up Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to the Gitea container registry
|
|
if: github.event_name != 'pull_request'
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.PACKAGES_TOKEN }}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
tags: ${{ steps.version.outputs.tags }}
|
|
labels: |
|
|
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
|
|
org.opencontainers.image.revision=${{ github.sha }}
|
|
|
|
# Record the release as an annotated git tag so the next run computes the
|
|
# following version from it. This push does not re-trigger the workflow,
|
|
# which only listens on the main branch and pull requests.
|
|
- name: Tag the release
|
|
if: steps.version.outputs.release == 'true'
|
|
run: |
|
|
set -euo pipefail
|
|
v="v${{ steps.version.outputs.version }}"
|
|
git config user.name "${{ github.actor }}"
|
|
git config user.email "${{ github.actor }}@users.noreply.${REGISTRY}"
|
|
git tag -a "$v" -m "$v"
|
|
git push origin "$v"
|