Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
156 lines
4.7 KiB
YAML
156 lines
4.7 KiB
YAML
name: Vendoo Release
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: vendoo-release-${{ github.event.release.tag_name }}
|
|
cancel-in-progress: false
|
|
|
|
env:
|
|
REGISTRY: ghcr.io
|
|
IMAGE_NAME: masterluke77/vendoo
|
|
|
|
jobs:
|
|
release-assets:
|
|
name: Release-Paket und Prüfsummen
|
|
permissions:
|
|
contents: write
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
steps:
|
|
- name: Repository auschecken
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Node.js 22 aktivieren
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22.x'
|
|
cache: npm
|
|
|
|
- name: Abhängigkeiten installieren
|
|
run: npm ci
|
|
|
|
- name: Release-Tag gegen Paketversion prüfen
|
|
env:
|
|
RELEASE_TAG: ${{ github.event.release.tag_name }}
|
|
run: |
|
|
EXPECTED="v$(node -p "require('./package.json').version")"
|
|
test "$RELEASE_TAG" = "$EXPECTED" || { echo "Release-Tag $RELEASE_TAG passt nicht zu $EXPECTED." >&2; exit 1; }
|
|
|
|
- name: Vollständige Prüfung
|
|
run: |
|
|
npm run verify:git
|
|
npm run verify:git-regression
|
|
npm run verify:git-staging
|
|
npm run verify:ignore-boundaries
|
|
npm run check
|
|
npm run verify:source-boundaries
|
|
npm run verify:esm-exports
|
|
npm run verify:flux-loop
|
|
npm run verify:capabilities
|
|
npm run verify:coolify
|
|
npm run verify:initial-modules
|
|
npm run verify:architecture
|
|
npm run verify:themes
|
|
npm run verify:security
|
|
npm run verify:identity
|
|
npm run verify:catalog
|
|
npm run verify:modules
|
|
npm run verify:deployment
|
|
npm run verify:config
|
|
npm run verify:installer-shell
|
|
npm run verify:db
|
|
|
|
- name: Release-Staging erzeugen
|
|
run: node tools/build-release.mjs
|
|
|
|
- name: ZIP und SHA-256 erzeugen
|
|
id: package
|
|
shell: bash
|
|
run: |
|
|
PACKAGE_NAME="$(cat release-output/RELEASE_NAME.txt)"
|
|
cd release-output
|
|
zip -r -9 "${PACKAGE_NAME}.zip" "${PACKAGE_NAME}"
|
|
sha256sum "${PACKAGE_NAME}.zip" > "${PACKAGE_NAME}.zip.sha256.txt"
|
|
echo "package_name=${PACKAGE_NAME}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Assets an GitHub Release anhängen
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
TAG: ${{ github.event.release.tag_name }}
|
|
PACKAGE_NAME: ${{ steps.package.outputs.package_name }}
|
|
run: |
|
|
gh release upload "$TAG" \
|
|
"release-output/${PACKAGE_NAME}.zip" \
|
|
"release-output/${PACKAGE_NAME}.zip.sha256.txt" \
|
|
--clobber
|
|
|
|
- name: Build-Artefakte sichern
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ steps.package.outputs.package_name }}
|
|
path: |
|
|
release-output/${{ steps.package.outputs.package_name }}.zip
|
|
release-output/${{ steps.package.outputs.package_name }}.zip.sha256.txt
|
|
if-no-files-found: error
|
|
retention-days: 30
|
|
|
|
container:
|
|
name: GHCR-Container veröffentlichen
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
attestations: write
|
|
id-token: write
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 35
|
|
steps:
|
|
- name: Repository auschecken
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Docker Buildx aktivieren
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Bei GHCR anmelden
|
|
uses: docker/login-action@v4
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Container-Metadaten erzeugen
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
tags: |
|
|
type=semver,pattern={{version}},value=${{ github.event.release.tag_name }}
|
|
type=semver,pattern={{major}}.{{minor}},value=${{ github.event.release.tag_name }}
|
|
type=raw,value=stable,enable=${{ !github.event.release.prerelease }}
|
|
type=raw,value=latest,enable=${{ !github.event.release.prerelease }}
|
|
|
|
- name: Container bauen und veröffentlichen
|
|
id: push
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
platforms: linux/amd64,linux/arm64
|
|
provenance: true
|
|
sbom: true
|
|
|
|
- name: Container-Provenienz attestieren
|
|
uses: actions/attest@v4
|
|
with:
|
|
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
subject-digest: ${{ steps.push.outputs.digest }}
|
|
push-to-registry: true
|
|
|