Compare commits

..

2 Commits

Author SHA1 Message Date
Barcode Betty c790aaf118 fix(ci): push Docker images to git.farh.net registry (CAR-964)
CI / audit (pull_request) Failing after 1m36s
CI / test (pull_request) Failing after 2m23s
CI / e2e (pull_request) Failing after 1m32s
CI / lighthouse (pull_request) Has been skipped
CI / lint (pull_request) Failing after 2m28s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
2026-05-23 16:25:59 +00:00
Barcode Betty 7ffe1d4bdb fix(ci): push to git.farh.net registry (CAR-964) 2026-05-23 16:21:57 +00:00
+75 -9
View File
@@ -16,7 +16,7 @@ permissions:
security-events: write security-events: write
env: env:
REGISTRY: git.farh.net REGISTRY: ghcr.io
IMAGE_NAME: cartsnitch/app IMAGE_NAME: cartsnitch/app
jobs: jobs:
@@ -70,6 +70,40 @@ jobs:
- run: npx playwright install --with-deps chromium - run: npx playwright install --with-deps chromium
- run: npx playwright test - run: npx playwright test
lighthouse:
runs-on: ubuntu-latest
needs: [test]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
with:
node-version: "20"
cache: npm
- run: npm ci
- run: npm run build
- name: Install Chromium for Lighthouse
run: |
npm install -g playwright
npx playwright install --with-deps chromium
- name: Start preview server
run: |
npm run preview -- --port 4173 &
for i in $(seq 1 30); do
if curl -s http://localhost:4173/ > /dev/null 2>&1; then
echo "Server ready on http://localhost:4173/"
exit 0
fi
echo "Waiting for server... ($i/30)"
sleep 2
done
echo "Server failed to start"
exit 1
- name: Run Lighthouse CI
run: |
CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1)
npm install -g @lhci/cli
CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
build-and-push: build-and-push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'push' if: github.event_name == 'push'
@@ -99,13 +133,20 @@ jobs:
echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "CalVer tag: $VERSION" echo "CalVer tag: $VERSION"
- name: Log in to Gitea Container Registry - name: Log in to Docker Hub
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR
if: github.event_name == 'push' if: github.event_name == 'push'
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.REGISTRY_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata - name: Extract metadata
id: meta id: meta
@@ -117,7 +158,33 @@ jobs:
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }} type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build and push Docker image - name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
target: prod
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan frontend image for vulnerabilities
uses: anchore/scan-action@v5
id: scan
env:
GRYPE_CONFIG: .grype.yaml
with:
image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true
severity-cutoff: high
only-fixed: "true"
output-format: sarif
- name: Push Docker image
if: github.event_name == 'push'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@@ -126,7 +193,6 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
target: prod target: prod
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max
- name: Create git tag - name: Create git tag
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -143,7 +209,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_DEPLOY_KEY }} token: ${{ secrets.GITEA_TOKEN }}
ref: main ref: main
path: infra path: infra
@@ -166,7 +232,7 @@ jobs:
if: needs.build-and-push.result == 'success' if: needs.build-and-push.result == 'success'
run: | run: |
cd infra/apps/overlays/dev cd infra/apps/overlays/dev
kustomize edit set image git.farh.net/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }} kustomize edit set image ghcr.io/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }}
- name: Commit and push to infra - name: Commit and push to infra
run: | run: |
@@ -187,7 +253,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_DEPLOY_KEY }} token: ${{ secrets.GITEA_TOKEN }}
ref: main ref: main
path: infra path: infra
@@ -210,7 +276,7 @@ jobs:
if: needs.build-and-push.result == 'success' if: needs.build-and-push.result == 'success'
run: | run: |
cd infra/apps/overlays/uat cd infra/apps/overlays/uat
kustomize edit set image git.farh.net/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }} kustomize edit set image ghcr.io/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }}
- name: Commit and push to infra - name: Commit and push to infra
run: | run: |