104 lines
3.8 KiB
YAML
104 lines
3.8 KiB
YAML
name: CMS Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_tag:
|
|
description: "Release tag in vX.Y.Z format"
|
|
required: false
|
|
rollback_image_tag:
|
|
description: "Optional rollback image tag"
|
|
required: false
|
|
|
|
env:
|
|
BUN_VERSION: "1.3.5"
|
|
REGISTRY: ${{ secrets.CMS_IMAGE_REGISTRY }}
|
|
IMAGE_NAMESPACE: ${{ secrets.CMS_IMAGE_NAMESPACE }}
|
|
|
|
jobs:
|
|
release:
|
|
name: Build Push Changelog
|
|
if: github.event_name == 'push' || github.event.inputs.rollback_image_tag == ''
|
|
runs-on: node22-bun
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: ${{ env.BUN_VERSION }}
|
|
|
|
- name: Install dependencies
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: Resolve release tag
|
|
id: tag
|
|
run: |
|
|
if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
|
|
if [ -z "${{ github.event.inputs.release_tag }}" ]; then
|
|
echo "release_tag input is required when publishing a release manually."
|
|
exit 1
|
|
fi
|
|
echo "value=${{ github.event.inputs.release_tag }}" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "value=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Validate tag against package version
|
|
run: sh .gitea/scripts/validate-tag-version.sh "${{ steps.tag.outputs.value }}"
|
|
|
|
- name: Generate changelog
|
|
run: bun run changelog:release
|
|
|
|
- name: Build release notes payload
|
|
run: |
|
|
if ! sh .gitea/scripts/extract-release-notes.sh "${{ steps.tag.outputs.value }}" > .gitea-release-notes.md; then
|
|
echo "Could not isolate section for tag ${{ steps.tag.outputs.value }}. Falling back to full CHANGELOG.md."
|
|
cp CHANGELOG.md .gitea-release-notes.md
|
|
fi
|
|
|
|
- name: Login to image registry
|
|
run: |
|
|
echo "${{ secrets.CMS_IMAGE_REGISTRY_PASSWORD }}" | docker login "${{ env.REGISTRY }}" -u "${{ secrets.CMS_IMAGE_REGISTRY_USER }}" --password-stdin
|
|
|
|
- name: Build and push web image
|
|
run: |
|
|
image="${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/cms-web:${{ steps.tag.outputs.value }}"
|
|
docker build -f apps/web/Dockerfile -t "$image" .
|
|
docker push "$image"
|
|
|
|
- name: Build and push admin image
|
|
run: |
|
|
image="${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/cms-admin:${{ steps.tag.outputs.value }}"
|
|
docker build -f apps/admin/Dockerfile -t "$image" .
|
|
docker push "$image"
|
|
|
|
- name: Publish release notes to Gitea
|
|
env:
|
|
RELEASE_TAG: ${{ steps.tag.outputs.value }}
|
|
RELEASE_NAME: ${{ steps.tag.outputs.value }}
|
|
RELEASE_BODY_FILE: ".gitea-release-notes.md"
|
|
GITEA_RELEASE_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
|
|
run: bun .gitea/scripts/publish-gitea-release.mjs
|
|
|
|
rollback:
|
|
name: Rollback Production (Manual)
|
|
if: github.event_name == 'workflow_dispatch' && github.event.inputs.rollback_image_tag != ''
|
|
runs-on: node22-bun
|
|
steps:
|
|
- name: Setup SSH
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.CMS_DEPLOY_KEY }}" > ~/.ssh/id_rsa
|
|
chmod 600 ~/.ssh/id_rsa
|
|
ssh-keyscan -H "${{ secrets.CMS_PRODUCTION_HOST }}" >> ~/.ssh/known_hosts
|
|
|
|
- name: Apply rollback image tag on production
|
|
run: |
|
|
ssh "${{ secrets.CMS_PRODUCTION_USER }}@${{ secrets.CMS_PRODUCTION_HOST }}" \
|
|
"cd ${{ secrets.CMS_REMOTE_DEPLOY_PATH }} && CMS_IMAGE_TAG=${{ github.event.inputs.rollback_image_tag }} docker compose -f docker-compose.production.yml pull && CMS_IMAGE_TAG=${{ github.event.inputs.rollback_image_tag }} docker compose -f docker-compose.production.yml up -d"
|