Add GitHub workflow for blog image #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish Blog Image | |
| concurrency: | |
| group: blog-build-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: [master] | |
| tags: ["v*"] | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: "www-blog" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Compute image name (lowercase owner/repo) | |
| id: img | |
| run: | | |
| OWNER="$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')" | |
| REPO_NAME="${GITHUB_REPOSITORY##*/}" | |
| IMAGE_NAME="${IMAGE_NAME:-$REPO_NAME}" | |
| IMAGE_NAME="$(echo "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')" | |
| echo "IMAGE=${REGISTRY}/${OWNER}/${IMAGE_NAME}" >> "$GITHUB_ENV" | |
| - name: Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE }} | |
| tags: | | |
| type=sha | |
| type=ref,event=tag | |
| type=ref,event=branch,enable=${{ github.ref == 'refs/heads/master' }} | |
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} | |
| - name: Set up Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image for tests | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: false | |
| load: true | |
| tags: ${{ env.IMAGE }}:ci | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Run smoke test (curl /) | |
| env: | |
| IMAGE_UNDER_TEST: ${{ env.IMAGE }}:ci | |
| run: | | |
| set -euo pipefail | |
| cid=$(docker run -d -p 0:3000 "$IMAGE_UNDER_TEST") | |
| trap "docker rm -f $cid >/dev/null 2>&1" EXIT | |
| port=$(docker inspect -f '{{ (index (index .NetworkSettings.Ports "3000/tcp") 0).HostPort }}' "$cid") | |
| if [ -z "$port" ]; then | |
| echo "Failed to resolve mapped port for container $cid" >&2 | |
| docker logs "$cid" || true | |
| exit 1 | |
| fi | |
| for i in {1..20}; do | |
| if curl -fsS "http://127.0.0.1:${port}/" > /dev/null; then | |
| exit 0 | |
| fi | |
| sleep 1 | |
| done | |
| echo "Service did not respond on / after 20s" >&2 | |
| docker logs "$cid" || true | |
| exit 1 | |
| - name: Log in to GHCR | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/heads/master') || startsWith(github.ref, 'refs/tags/')) | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.CR_PAT != '' && secrets.CR_PAT || secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| if: github.event_name == 'push' && (startsWith(github.ref, 'refs/heads/master') || startsWith(github.ref, 'refs/tags/')) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |