Files
vendoo/.github/workflows/release.yml
dependabot[bot]andGitHub 6a245ff309 chore(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-09 15:09:58 +00:00

156 lines
4.7 KiB
YAML

name: Vendoo Release
on:
release:
types: [published]
permissions:
contents: read
concurrency:
group: vendoo-release-${{ github.event.release.tag_name }}
cancel-in-progress: false
env:
REGISTRY: ghcr.io
IMAGE_NAME: masterluke77/vendoo
jobs:
release-assets:
name: Release-Paket und Prüfsummen
permissions:
contents: write
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Repository auschecken
uses: actions/checkout@v6
- name: Node.js 22 aktivieren
uses: actions/setup-node@v4
with:
node-version: '22.x'
cache: npm
- name: Abhängigkeiten installieren
run: npm ci
- name: Release-Tag gegen Paketversion prüfen
env:
RELEASE_TAG: ${{ github.event.release.tag_name }}
run: |
EXPECTED="v$(node -p "require('./package.json').version")"
test "$RELEASE_TAG" = "$EXPECTED" || { echo "Release-Tag $RELEASE_TAG passt nicht zu $EXPECTED." >&2; exit 1; }
- name: Vollständige Prüfung
run: |
npm run verify:git
npm run verify:git-regression
npm run verify:git-staging
npm run verify:ignore-boundaries
npm run check
npm run verify:source-boundaries
npm run verify:esm-exports
npm run verify:flux-loop
npm run verify:capabilities
npm run verify:coolify
npm run verify:initial-modules
npm run verify:architecture
npm run verify:themes
npm run verify:security
npm run verify:identity
npm run verify:catalog
npm run verify:modules
npm run verify:deployment
npm run verify:config
npm run verify:installer-shell
npm run verify:db
- name: Release-Staging erzeugen
run: node tools/build-release.mjs
- name: ZIP und SHA-256 erzeugen
id: package
shell: bash
run: |
PACKAGE_NAME="$(cat release-output/RELEASE_NAME.txt)"
cd release-output
zip -r -9 "${PACKAGE_NAME}.zip" "${PACKAGE_NAME}"
sha256sum "${PACKAGE_NAME}.zip" > "${PACKAGE_NAME}.zip.sha256.txt"
echo "package_name=${PACKAGE_NAME}" >> "$GITHUB_OUTPUT"
- name: Assets an GitHub Release anhängen
env:
GH_TOKEN: ${{ github.token }}
TAG: ${{ github.event.release.tag_name }}
PACKAGE_NAME: ${{ steps.package.outputs.package_name }}
run: |
gh release upload "$TAG" \
"release-output/${PACKAGE_NAME}.zip" \
"release-output/${PACKAGE_NAME}.zip.sha256.txt" \
--clobber
- name: Build-Artefakte sichern
uses: actions/upload-artifact@v4
with:
name: ${{ steps.package.outputs.package_name }}
path: |
release-output/${{ steps.package.outputs.package_name }}.zip
release-output/${{ steps.package.outputs.package_name }}.zip.sha256.txt
if-no-files-found: error
retention-days: 30
container:
name: GHCR-Container veröffentlichen
permissions:
contents: read
packages: write
attestations: write
id-token: write
runs-on: ubuntu-latest
timeout-minutes: 35
steps:
- name: Repository auschecken
uses: actions/checkout@v6
- name: Docker Buildx aktivieren
uses: docker/setup-buildx-action@v3
- name: Bei GHCR anmelden
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Container-Metadaten erzeugen
id: meta
uses: docker/metadata-action@v6
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}},value=${{ github.event.release.tag_name }}
type=semver,pattern={{major}}.{{minor}},value=${{ github.event.release.tag_name }}
type=raw,value=stable,enable=${{ !github.event.release.prerelease }}
type=raw,value=latest,enable=${{ !github.event.release.prerelease }}
- name: Container bauen und veröffentlichen
id: push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
provenance: true
sbom: true
- name: Container-Provenienz attestieren
uses: actions/attest@v4
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true