From 4c742dcf065dd9118be6fe8648fe001227163a80 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:26:18 +0200 Subject: [PATCH 1/5] chore: upate latest tag policy on standalone build --- .github/workflows/build.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 429eeac..df9c2a2 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -28,8 +28,6 @@ jobs: type=ref,event=branch,branch=dev,value=dev,optional=true type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true type=match,event=tag,pattern=v(.*),value=latest,optional=true - flavor: | - latest=false - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 0b09b4159c28bc7a4081375f70564ec51c8a0d98 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:35:13 +0200 Subject: [PATCH 2/5] feat: harden tag pattern matches on standalone versions --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index df9c2a2..409c2e7 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -26,8 +26,8 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true - type=match,event=tag,pattern=v(.*),value=latest,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 3a578df79edbb009bbb500b6d7f0f100e4a47b03 Mon Sep 17 00:00:00 2001 
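Review bot: The new pattern on both `type=match` lines in PATCH 2/5 has no anchors, so as far as I can tell from how the metadata action applies it, a tag only needs to contain a matching substring: `xv1.2.3` or `v1.2.3.4` would still publish an image tagged `v1.2.3`. Anchoring both rules closes that gap, e.g. `pattern=^v(\d+\.\d+\.\d+(?:-[\w.-]+)?)$` (the `\d` inside the class is redundant because `\w` already covers digits). Separately, the optional `-suffix` group means the `value=latest` rule also fires for pre-release tags such as `v1.0.0-rc.1`, so `latest` would move to a pre-release build. If `latest` should track stable releases only, drop the suffix group from that second rule: `pattern=^v\d+\.\d+\.\d+$,value=latest`.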
From: Thomas Sauter Date: Fri, 24 Oct 2025 11:38:30 +0200 Subject: [PATCH 3/5] chore: update readme --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 8d40f7b..809ffde 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,20 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Tagging + +Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. + +#### Standalone + +- v1.0.0 +- v1.0.0- + +#### Monorepo + +- \_v1.0.0 +- \_v1.0.0- + Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. ### `Build` From eee3e692e33890204fe66a63beebbaf868eb0bb4 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:42:06 +0200 Subject: [PATCH 4/5] chore: update readme --- README.md | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 809ffde..47d0f65 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,10 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Docker / Container build + +Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. + ### Tagging Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. 
@@ -15,20 +19,20 @@ Only tags following the specified patterns will be considered within container t #### Standalone - v1.0.0 -- v1.0.0- +- v1.0.0-\ #### Monorepo - \_v1.0.0 -- \_v1.0.0- +- \_v1.0.0-\ -Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. +### Pipelines -### `Build` +#### `Build` A standard single-repository project with a `package.json` file located at the root, managing dependencies for the entire project. -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -36,13 +40,13 @@ Setuped on org or repo level. | ------------ | --------------- | -------- | | `IMAGE_PATH` | Image base path | ✓ | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. @@ -51,11 +55,11 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a | `PACKAGE_WRITE_TOKEN` | Accesstoken of the package writer | ✓ | | `FONTAWESOME_PACKAGE_TOKEN` | Fontawesome Pro library token (Only needed if FA in use ) | | -### `Build-Monorepo` +#### `Build-Monorepo` A monorepo project based on Turborepo, with individual projects located under the `/apps/` directory. -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. 
@@ -65,14 +69,14 @@ Setuped on org or repo level. | `TURBO_TEAM` | Turbo repo team ID | | | `TURBO_API` | Turbo repo api url | | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | | `PROJECT_ID` | ID of the projcet | ✓ | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. @@ -84,11 +88,13 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a ## .Github Workflows: Linting, type checking, code analyzis, dependency tracking -### `Lint` +### Pipelines + +#### `Lint` Linting, type checking, sonarqube, dependency tracking, any testing -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -98,7 +104,7 @@ Setuped on org or repo level. | `TURBO_API` | Turbo repo api url (only applicable on monorepos) | | | `SONAR_HOST_URL` | Sonarqube Host (required if sonarqube is enabled) | | -##### Inputs +###### Inputs | Key | Description | Required | | -------------------- | ---------------------------------------------------------------------------------- | -------- | @@ -109,7 +115,7 @@ Setuped on org or repo level. | `LINT_SCRIPT` | Script which runs eslint; default: `yarn run lint` | | | `CHECK_TYPES_SCRIPT` | Script which runs tsc type checking: `yarn run check-types` | | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. From 4efaa235c7e9a4e292a1767549d901ca0fa40d7b Mon Sep 17 00:00:00 2001 
From: Thomas Sauter Date: Mon, 27 Oct 2025 12:47:28 +0100 Subject: [PATCH 5/5] enable turbo caching on the linting --- .github/workflows/lint.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5e219e1..fff5418 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -41,6 +41,10 @@ jobs: env: NO_YARN_POSTINSTALL: 1 FONTAWESOME_PACKAGE_TOKEN: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }} + TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} + TURBO_API: ${{ vars.TURBO_API }} + TURBO_TEAM: ${{ vars.TURBO_TEAM }} + TURBO_URL: ${{ vars.TURBO_URL }} steps: - name: Checkout repository uses: actions/checkout@v5
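Review bot: `TURBO_TOKEN` is added to the job-level `env`, so every step in the job can read the remote-cache credential, including dependency install and the caller-supplied `LINT_SCRIPT` / `CHECK_TYPES_SCRIPT` commands. It would be safer to set the four `TURBO_*` entries in an `env:` block on only the step(s) that invoke turbo. The token should ideally be read-only for lint runs, or writes should be disabled (Turborepo documents `TURBO_REMOTE_CACHE_READ_ONLY` for this; confirm against the version in use), so that a lint run on an untrusted branch cannot write cache artifacts that later builds restore. The README states that secrets must be passed explicitly to these workflows, and its Lint tables list `TURBO_API` but not `TURBO_URL`. The `workflow_call` secrets declaration and the README are not touched by this patch, so please check that `TURBO_TOKEN` and `TURBO_URL` are declared and documented. The job definition starts and continues outside this hunk.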