name: CI (make tests, stable, publish) on: push: branches: ["**"] tags: ["v*.*.*"] # SemVer tags like v1.2.3 pull_request: permissions: contents: write # push/update 'stable' tag packages: write # push to GHCR env: IMAGE_NAME: baudolo REGISTRY: ghcr.io IMAGE_REPO: ${{ github.repository }} jobs: test: name: make test runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Show docker info run: | docker version docker info - name: Run all tests via Makefile run: | make test - name: Upload E2E artifacts (always) if: always() uses: actions/upload-artifact@v4 with: name: e2e-artifacts path: artifacts if-no-files-found: ignore stable_and_publish: name: Mark stable + publish image (SemVer tags only) needs: [test] runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/v') steps: - name: Checkout (full history for tags) uses: actions/checkout@v4 with: fetch-depth: 0 - name: Derive version from tag id: ver run: | TAG="${GITHUB_REF#refs/tags/}" # v1.2.3 echo "tag=${TAG}" >> "$GITHUB_OUTPUT" - name: Mark 'stable' git tag (force update) run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git tag -f stable "${GITHUB_SHA}" git push -f origin stable - name: Login to GHCR uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build image (Makefile) run: | make build - name: Tag image for registry run: | # local image built by Makefile is: baudolo:local docker tag "${IMAGE_NAME}:local" "${REGISTRY}/${IMAGE_REPO}:${{ steps.ver.outputs.tag }}" docker tag "${IMAGE_NAME}:local" "${REGISTRY}/${IMAGE_REPO}:stable" docker tag "${IMAGE_NAME}:local" "${REGISTRY}/${IMAGE_REPO}:sha-${GITHUB_SHA::12}" - name: Push image run: | docker push "${REGISTRY}/${IMAGE_REPO}:${{ steps.ver.outputs.tag }}" docker push "${REGISTRY}/${IMAGE_REPO}:stable" docker push "${REGISTRY}/${IMAGE_REPO}:sha-${GITHUB_SHA::12}"