name: Release on: workflow_dispatch: inputs: target: description: 'The release target of Logto' required: true default: dev type: choice options: - prod - dev push: branches: - master tags: - v*.*.* concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} jobs: dockerize-core: environment: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || '' }} runs-on: ubuntu-latest permissions: contents: read id-token: write steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/logto-io/logto svhd/logto # https://github.com/docker/metadata-action#typesemver tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,enable=${{ startsWith(github.ref, 'refs/tags/v') }},value=prerelease type=raw,enable=${{ inputs.target == 'prod' }},value=prod type=edge - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Setup Docker Buildx if: ${{ !startsWith(github.ref, 'refs/tags/') }} uses: docker/setup-buildx-action@v2 - name: Build and push if: ${{ !startsWith(github.ref, 'refs/tags/') }} uses: docker/build-push-action@v4 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | additional_connector_args=--cloud - name: Setup Depot if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: depot/setup-action@v1 - name: Build and push if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: depot/build-push-action@v1 with: platforms: linux/amd64, linux/arm64 project: g902cp6dvv context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} dockerize-cloud: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/logto-io/cloud # https://github.com/docker/metadata-action tags: | type=raw,enable=${{ inputs.target == 'prod' }},value=prod type=edge - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Setup Docker Buildx uses: docker/setup-buildx-action@v2 - name: Build and push uses: docker/build-push-action@v4 with: file: Dockerfile.cloud context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | admin_endpoint=https://auth.logto.${{ inputs.target == 'prod' && 'io' || 'dev' }}/ deploy: runs-on: ubuntu-latest needs: [dockerize-core, dockerize-cloud] environment: ${{ inputs.target || 'dev' }} if: ${{ !startsWith(github.ref, 'refs/tags/') }} steps: - uses: actions/checkout@v3 - name: Setup Node and pnpm if: ${{ (inputs.target || 'dev') == 'dev' }} uses: silverhand-io/actions-node-pnpm-run-steps@v2 - name: Deploy database alteration if: ${{ (inputs.target || 'dev') == 'dev' }} run: | pnpm prepack pnpm cli db alt deploy next env: DB_URL: ${{ secrets.DB_URL }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Login via Azure CLI uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy core to containerapp uses: azure/webapps-deploy@v2 with: app-name: ${{ vars.APP_NAME_CORE }} images: ghcr.io/logto-io/logto:${{ vars.DOCKER_TAG }} - name: Deploy cloud to containerapp uses: azure/webapps-deploy@v2 with: app-name: ${{ vars.APP_NAME_CLOUD }} images: ghcr.io/logto-io/cloud:${{ vars.DOCKER_TAG }} # Publish packages and create git tags if needed publish-and-tag: runs-on: ubuntu-latest env: NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTOMATION_TOKEN }} if: ${{ !startsWith(github.ref, 'refs/tags/') }} steps: - uses: actions/checkout@v3 with: # Set Git operations with the bot PAT since we have tag protection rule token: ${{ secrets.BOT_PAT }} fetch-depth: 0 - name: Setup Node and pnpm uses: silverhand-io/actions-node-pnpm-run-steps@v2 - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.BOT_GPG_KEY }} passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true - name: Configure Git user run: | git config --global user.email bot@silverhand.io git config --global user.name silverhand-bot - name: Publish run: node .scripts/publish.js create-github-release: environment: release runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Setup Node and pnpm uses: silverhand-io/actions-node-pnpm-run-steps@v2 - name: Build run: pnpm -r build - name: Package run: ./.scripts/package.sh - name: Release uses: softprops/action-gh-release@v1 with: token: ${{ secrets.BOT_PAT }} body: '' files: /tmp/logto.tar.gz append_body: true