Add concurrency and master refs to publish workflow #3
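# Builds the site's container image, smoke-tests it, and publishes it to GHCR.
# Publishing happens only for push events on master or on v* tags; pull
# requests and manual runs stop after the smoke test.
name: Build and Publish Container Image

# One active run per ref: a newer run on the same ref cancels the one in flight.
concurrency:
  group: website-build-${{ github.ref }}
  cancel-in-progress: true

on:
  push:
    branches: [master]
    tags: ["v*"]
  pull_request:
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: "www-website"

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): packages: write is granted to the whole job, so the build
    # and smoke-test steps (which execute the repository's Dockerfile and
    # image) also run with it. Moving login + push into a separate job that
    # alone holds packages: write would narrow that exposure.
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning each action to a full commit SHA prevents a retagged
      # release from changing what runs with this job's token.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Nothing after checkout performs git operations, so do not leave
          # the token in .git/config, where `context: .` could carry it into
          # the Docker build context.
          persist-credentials: false

      # Exports IMAGE=<registry>/<owner>/<name>, lowercased, for later steps.
      - name: Compute image name (lowercase owner/repo)
        id: img
        run: |
          OWNER="$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')"
          REPO_NAME="${GITHUB_REPOSITORY##*/}"
          IMAGE_NAME="${IMAGE_NAME:-$REPO_NAME}"
          IMAGE_NAME="$(echo "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')"
          echo "IMAGE=${REGISTRY}/${OWNER}/${IMAGE_NAME}" >> "$GITHUB_ENV"

      # Tag set: commit SHA always, the git tag on tag pushes, and the branch
      # name plus `latest` only when the ref is master.
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE }}
          tags: |
            type=sha
            type=ref,event=tag
            type=ref,event=branch,enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3

      # Local-only build (push: false, load: true) so the smoke test can run
      # the image before anything is published.
      - name: Build image for tests
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: false
          load: true
          tags: ${{ env.IMAGE }}:ci
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Run smoke test (curl /)
        env:
          IMAGE_UNDER_TEST: ${{ env.IMAGE }}:ci
        run: |
          set -euo pipefail
          # Publish on loopback only with an ephemeral host port: the test
          # container is not reachable from other interfaces, and `docker port`
          # reports a single mapping for the sed below to parse.
          cid=$(docker run -d -p 127.0.0.1::3000 "$IMAGE_UNDER_TEST")
          trap "docker rm -f $cid >/dev/null 2>&1" EXIT
          port=$(docker port "$cid" 3000/tcp | sed -E 's/.*:([0-9]+)$/\1/')
          for i in {1..20}; do
            if curl -fsS "http://127.0.0.1:${port}/" > /dev/null; then
              exit 0
            fi
            sleep 1
          done
          echo "Service did not respond on / after 20s" >&2
          exit 1

      # Registry login and push are gated on push events for master or a tag.
      # The branch is compared exactly, matching the metadata step, so the
      # gate stays tight even if the push branch filter is widened later.
      - name: Log in to GHCR
        if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          # Prefer CR_PAT if provided (for cross-repo scopes); fallback to GITHUB_TOKEN
          # NOTE(review): a PAT is long-lived and not bound to this run; if
          # CR_PAT is set, keep it limited to write:packages and rotate it.
          password: ${{ secrets.CR_PAT != '' && secrets.CR_PAT || secrets.GITHUB_TOKEN }}

      - name: Build and push
        if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max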