Author SHA1 Message Date
Flea Flicker c837e59f0d ci: push Docker images to Gitea registry (git.farh.net)
CI / lint (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / audit (pull_request) Has been cancelled
CI / e2e (pull_request) Has been cancelled
CI / lighthouse (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
2026-05-23 15:37:07 +00:00
+38 -23
@@ -16,12 +16,12 @@ permissions:
security-events: write security-events: write
env: env:
REGISTRY: ghcr.io REGISTRY: git.farh.net
IMAGE_NAME: cartsnitch/app IMAGE_NAME: cartsnitch/app
jobs: jobs:
lint: lint:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
@@ -35,7 +35,7 @@ jobs:
run: npx tsc --noEmit run: npx tsc --noEmit
test: test:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
@@ -47,7 +47,7 @@ jobs:
run: npx vitest run run: npx vitest run
audit: audit:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
@@ -59,7 +59,7 @@ jobs:
run: npm audit --audit-level=high run: npm audit --audit-level=high
e2e: e2e:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
@@ -71,7 +71,7 @@ jobs:
- run: npx playwright test - run: npx playwright test
lighthouse: lighthouse:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
needs: [test] needs: [test]
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -96,7 +96,7 @@ jobs:
CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage" CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
build-and-push: build-and-push:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
if: github.event_name == 'push' if: github.event_name == 'push'
needs: [lint, test, e2e] needs: [lint, test, e2e]
outputs: outputs:
@@ -124,20 +124,13 @@ jobs:
echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "CalVer tag: $VERSION" echo "CalVer tag: $VERSION"
- name: Log in to Docker Hub - name: Log in to Gitea Container Registry
if: github.event_name == 'push' if: github.event_name == 'push'
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} registry: git.farh.net
password: ${{ secrets.DOCKERHUB_TOKEN }} username: cartsnitch
password: ${{ secrets.GITEA_TOKEN }}
- name: Log in to GHCR
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata - name: Extract metadata
id: meta id: meta
@@ -172,7 +165,11 @@ jobs:
only-fixed: "true" only-fixed: "true"
output-format: sarif output-format: sarif
- name: Upload frontend scan results to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Push Docker image - name: Push Docker image
if: github.event_name == 'push' if: github.event_name == 'push'
@@ -192,15 +189,24 @@ jobs:
git push origin "v${{ steps.calver.outputs.version }}" git push origin "v${{ steps.calver.outputs.version }}"
deploy-dev: deploy-dev:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
needs: [build-and-push] needs: [build-and-push]
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main') if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
steps: steps:
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: infra
- name: Checkout infra repo - name: Checkout infra repo
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_TOKEN }} token: ${{ steps.app-token.outputs.token }}
ref: main ref: main
path: infra path: infra
@@ -236,15 +242,24 @@ jobs:
git push origin main git push origin main
deploy-uat: deploy-uat:
runs-on: ubuntu-latest runs-on: runners-cartsnitch
needs: [build-and-push] needs: [build-and-push]
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main') if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
steps: steps:
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: infra
- name: Checkout infra repo - name: Checkout infra repo
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_TOKEN }} token: ${{ steps.app-token.outputs.token }}
ref: main ref: main
path: infra path: infra
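Review bot: The `runs-on: runners-cartsnitch` change puts the pull-request jobs (`lint`, `test`, `audit`, `e2e`, `lighthouse`) on the same self-hosted label as `build-and-push`, `deploy-dev` and `deploy-uat`, which handle `secrets.GITEA_TOKEN` and `secrets.CARTSNITCH_APP_PRIVATE_KEY`. The status lines on this page show the workflow running for `pull_request`, so pull-request code executes on hosts that also process the registry and infra credentials. Whether these runners are ephemeral is not visible here; if they are not, state left on the host by one job can be reached by the next. I would give the secret-bearing jobs their own label, e.g. `runs-on: <trusted-runner-label>`, and keep the PR jobs on a separate disposable pool. The newly added `actions/create-github-app-token@v1` and `github/codeql-action/upload-sarif@v3` are referenced by mutable tags; since the former receives the App private key, pin it as `uses: actions/create-github-app-token@<full-commit-sha> # v1` in both deploy jobs.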