name: Release on: workflow_dispatch: inputs: target: description: 'The release target of Logto' required: true default: dev type: choice options: - prod - dev push: branches: - master concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} jobs: dockerize-core: environment: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || '' }} # Use normal machine for OSS release since we'll build on Depot runs-on: ${{ (inputs.target || 'dev') == 'dev' && 'ubuntu-latest' || 'ubuntu-latest-4-cores' }} permissions: contents: read id-token: write steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/logto-io/logto svhd/logto # https://github.com/docker/metadata-action#typesemver tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,value=${{ inputs.target || 'dev' }},enable=${{ !startsWith(github.ref, 'refs/tags/') }} type=edge - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Setup Docker Buildx if: ${{ !startsWith(github.ref, 'refs/tags/') }} uses: docker/setup-buildx-action@v2 - name: Build and push if: ${{ !startsWith(github.ref, 'refs/tags/') }} uses: docker/build-push-action@v4 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | additional_connector_args=--cloud applicationinsights_connection_string=${{ (inputs.target || 'dev') == 'dev' && secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || secrets.APPLICATIONINSIGHTS_CONNECTION_STRING_PROD }} - name: Setup Depot if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: depot/setup-action@v1 - name: Build and push if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: depot/build-push-action@v1 with: platforms: linux/amd64, linux/arm64 project: g902cp6dvv context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} dockerize-cloud: # Use normal machine for OSS release since we'll build on Depot runs-on: ${{ (inputs.target || 'dev') == 'dev' && 'ubuntu-latest' || 'ubuntu-latest-4-cores' }} if: github.event_name != 'workflow_dispatch' steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/logto-io/cloud # https://github.com/docker/metadata-action tags: | type=raw,value=${{ inputs.target || 'dev' }},enable=${{ !startsWith(github.ref, 'refs/tags/') }} type=edge - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Setup Docker Buildx uses: docker/setup-buildx-action@v2 - name: Build and push uses: docker/build-push-action@v4 with: file: Dockerfile.cloud context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | applicationinsights_connection_string=${{ (inputs.target || 'dev') == 'dev' && secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || secrets.APPLICATIONINSIGHTS_CONNECTION_STRING_PROD }} deploy: strategy: fail-fast: false matrix: include: - target: core image: logto - target: cloud image: cloud runs-on: ubuntu-latest needs: [dockerize-core, dockerize-cloud] environment: ${{ inputs.target || 'dev' }}-${{ matrix.target }}-staging if: ${{ !startsWith(github.ref, 'refs/tags/') }} steps: - uses: actions/checkout@v3 - name: Setup Node and pnpm if: ${{ (inputs.target || 'dev') == 'dev' && matrix.target == 'core' }} uses: silverhand-io/actions-node-pnpm-run-steps@v3 - name: Deploy database alteration if: ${{ (inputs.target || 'dev') == 'dev' && matrix.target == 'core' }} run: | pnpm prepack pnpm cli db alt deploy next env: DB_URL: ${{ secrets.DB_URL }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: silverhand-bot password: ${{ secrets.BOT_PAT }} - name: Login via Azure CLI uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy ${{ matrix.target }} to containerapp uses: azure/webapps-deploy@v2 with: app-name: ${{ vars.APP_NAME }} slot-name: staging images: ghcr.io/logto-io/${{ matrix.image }}:${{ (inputs.target || 'dev') }} swap-staging-prod: strategy: fail-fast: false matrix: target: [core, cloud] runs-on: ubuntu-latest needs: deploy environment: ${{ inputs.target || 'dev' }}-${{ matrix.target }} steps: - name: Login via Azure CLI uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Swap ${{ matrix.target }} to production # See https://learn.microsoft.com/en-us/cli/azure/webapp/deployment/slot?view=azure-cli-latest#az-webapp-deployment-slot-swap run: az webapp deployment slot swap -g ${{ vars.RESOURCE_GROUP }} -n ${{ vars.APP_NAME }} --slot staging # Publish packages and create git tags if needed publish-and-tag: runs-on: ubuntu-latest env: NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTOMATION_TOKEN }} if: ${{ !startsWith(github.ref, 'refs/tags/') }} steps: - uses: actions/checkout@v3 with: # Set Git operations with the bot PAT since we have tag protection rule token: ${{ secrets.BOT_PAT }} fetch-depth: 0 - name: Setup Node and pnpm uses: silverhand-io/actions-node-pnpm-run-steps@v3 - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.BOT_GPG_KEY }} passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true - name: Configure Git user run: | git config --global user.email bot@silverhand.io git config --global user.name silverhand-bot - name: Publish run: node .scripts/publish.js create-github-release: environment: release runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Setup Node and pnpm uses: silverhand-io/actions-node-pnpm-run-steps@v3 - name: Build run: pnpm -r build - name: Package run: ./.scripts/package.sh - name: Release uses: softprops/action-gh-release@v1 with: token: ${{ secrets.BOT_PAT }} body: '' files: /tmp/logto.tar.gz append_body: true