name: Release on: workflow_dispatch: push: branches: - master tags: - v*.*.* concurrency: group: dockerize-${{ github.ref }} jobs: dockerize: environment: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || '' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/logto-io/logto svhd/logto # https://github.com/docker/metadata-action#typesemver tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,enable=${{ startsWith(github.ref, 'refs/tags/v') }},value=prerelease type=edge - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Build and push uses: docker/build-push-action@v3 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} deploy-dev: runs-on: ubuntu-latest needs: dockerize environment: dev if: ${{ !startsWith(github.ref, 'refs/tags/') }} steps: - name: Login via Azure CLI uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy to containerapp uses: azure/CLI@v1 with: inlineScript: | az config set extension.use_dynamic_install=yes_without_prompt az containerapp update -n logto-dev -g LogtoDev --image svhd/logto:edge release-changesets: runs-on: ubuntu-latest env: NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTOMATION_TOKEN }} if: ${{ !startsWith(github.ref, 'refs/tags/') }} steps: - uses: actions/checkout@v3 with: # Set Git operations with the bot PAT since we have tag protection rule token: ${{ secrets.BOT_PAT }} fetch-depth: 0 - name: Setup Node and pnpm uses: silverhand-io/actions-node-pnpm-run-steps@v2 - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.BOT_GPG_KEY }} passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true - name: Configure Git user run: | git config --global user.email bot@silverhand.io git config --global user.name silverhand-bot - name: Create release pull request uses: changesets/action@v1 with: # Use our customized publish flow. See https://github.com/changesets/changesets/issues/833 for the limit of changesets. publish: node .scripts/publish.js # `changeset version` won't run version lifecycle scripts, see https://github.com/changesets/changesets/issues/860 version: pnpm ci:version commit: 'release: version packages' title: 'release: version packages' # Create by our rules defined in `/.changeset/README.md`. createGithubReleases: false setupGitUser: false env: GITHUB_TOKEN: ${{ secrets.BOT_PAT }} create-github-release: environment: release runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Setup Node and pnpm uses: silverhand-io/actions-node-pnpm-run-steps@v2 - name: Build run: pnpm -r build - name: Package run: ./.scripts/package.sh - name: Release uses: softprops/action-gh-release@v1 with: token: ${{ secrets.BOT_PAT }} body: files: /tmp/logto.tar.gz