This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release to Production | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| jobs: | |
| determine-release: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| outputs: | |
| release_needed: ${{ steps.semantic_release.outputs.release_needed }} | |
| tag: ${{ steps.semantic_release.outputs.tag }} | |
| env: | |
| UV_TOOL_DIR: /tmp/.uv-tool | |
| steps: | |
| # https://github.com/orgs/community/discussions/25305#discussioncomment-10728028 | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.sha }} | |
| ssh-key: ${{ secrets.GH_DEPLOY_SSH_KEY }} | |
| - name: Force correct release branch | |
| run: | | |
| git checkout -B ${{ github.ref_name }} ${{ github.sha }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v3 | |
| with: | |
| tool-bin-dir: "/tmp/tool-bin" | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version-file: "backend/pyproject.toml" | |
| - name: Restore uv tools | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/tool-bin | |
| key: uv-tools-${{ runner.os }}-psr-v9.11.1 | |
| restore-keys: | | |
| uv-tools-${{ runner.os }}-psr-v9.11.1 | |
| uv-tools-${{ runner.os }} | |
| - name: Install Python Semantic Release | |
| env: | |
| UV_TOOL_DIR: /tmp/release-tool-bin | |
| run: uv tool install python-semantic-release@v9.11.1 | |
| - name: Run Semantic Release | |
| id: semantic_release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| ./scripts/release-needed.sh | |
| build-frontend-docker: | |
| needs: determine-release | |
| if: needs.determine-release.outputs.release_needed == 'true' | |
| uses: ./.github/workflows/frontend-docker.yml | |
| with: | |
| tag: ${{ needs.determine-release.outputs.tag }} | |
| secrets: inherit | |
| build-backend-docker: | |
| needs: determine-release | |
| if: needs.determine-release.outputs.release_needed == 'true' | |
| uses: ./.github/workflows/backend-docker.yml | |
| with: | |
| tag: ${{ needs.determine-release.outputs.tag }} | |
| secrets: inherit | |
| build-frontend: | |
| needs: [build-frontend-docker, determine-release] | |
| if: needs.determine-release.outputs.release_needed == 'true' | |
| uses: ./.github/workflows/frontend.yml | |
| with: | |
| tag: ${{ needs.determine-release.outputs.tag }} | |
| secrets: inherit | |
| release-github: | |
| needs: [build-backend-docker, build-frontend, determine-release] | |
| if: needs.determine-release.outputs.release_needed == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ needs.determine-release.outputs.tag }} | |
| - name: Download Build Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: frontend-build | |
| path: dist/frontend/ | |
| - name: Create Frontend Build Archive | |
| run: cd dist/ && tar -czf frontend-build.tar frontend/ | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: dist/frontend-build.tar | |
| tag_name: ${{ needs.determine-release.outputs.tag }} | |
| body_path: CHANGELOG.md | |
| release-docker: | |
| needs: [release-github, determine-release] | |
| if: needs.determine-release.outputs.release_needed == 'true' | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create Frontend Docker Release | |
| uses: ./.github/actions/docker-release | |
| with: | |
| release_tag: ${{ needs.determine-release.outputs.tag }} | |
| image_name: ${{ vars.FRONTEND_IMAGE_NAME }} | |
| old_tag: main-dev | |
| registry: ${{ vars.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Backend Docker Release | |
| uses: ./.github/actions/docker-release | |
| with: | |
| release_tag: ${{ needs.determine-release.outputs.tag }} | |
| image_name: ${{ vars.BACKEND_IMAGE_NAME }} | |
| old_tag: main | |
| registry: ${{ vars.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| release-cloudflare: | |
| needs: [build-frontend, release-github, determine-release] | |
| if: needs.determine-release.outputs.release_needed == 'true' | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: production | |
| url: ${{ steps.deploy.outputs.deployment-url }} | |
| steps: | |
| - name: Download Build Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: frontend-build | |
| path: dist/frontend/ | |
| - name: Upload Build Artifacts | |
| uses: cloudflare/wrangler-action@v3 | |
| id: deploy | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| command: pages deploy dist/frontend/ --project-name=tmvisdb |