From d948827a0ec0ab4c5b3925720a764cb85a20b1ab Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 11:16:19 +0200 Subject: [PATCH 1/9] feat: add dynamic registry optional --- .github/workflows/build-monorepo.yaml | 6 +++++- .github/workflows/build.yaml | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 15df981..5dc26f9 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -8,6 +8,10 @@ on: PROJECT_ID: required: true type: string + DOCKER_REGISTRY: + required: false + type: string + default: git.kvant.cloud jobs: build_and_push: @@ -45,7 +49,7 @@ jobs: - name: Login into gitea registry uses: docker/login-action@v3 with: - registry: git.kvant.cloud + registry: ${{ inputs.DOCKER_REGISTRY }} username: ${{ inputs.PACKAGE_WRITER_USERNAME }} password: ${{ secrets.PACKAGE_WRITER_TOKEN }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a0b064a..429eeac 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,6 +5,10 @@ on: PACKAGE_WRITER_USERNAME: required: true type: string + DOCKER_REGISTRY: + required: false + type: string + default: git.kvant.cloud jobs: build_and_push: runs-on: ubuntu-latest @@ -49,7 +53,7 @@ jobs: - name: Login into gitea registry uses: docker/login-action@v3 with: - registry: git.kvant.cloud + registry: ${{ inputs.DOCKER_REGISTRY }} username: ${{ inputs.PACKAGE_WRITER_USERNAME }} password: ${{ secrets.PACKAGE_WRITER_TOKEN }} From cb2d8f8a3afeb78b01e5ca42d9e6f58973ad6602 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 16:28:47 +0200 Subject: [PATCH 2/9] update --- .github/workflows/build-monorepo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 5dc26f9..5929eca 100644 
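Review bot: The login step in both workflows (the `@@ -45,7 +49,7 @@` hunk in build-monorepo.yaml and the `@@ -49,7 +53,7 @@` hunk in build.yaml) now sends `secrets.PACKAGE_WRITER_TOKEN` to whatever host the caller passes as `DOCKER_REGISTRY`, and nothing checks the value. A typo or an unreviewed change in a calling workflow would hand the package-writer credential to a different registry host. Consider checking the input against the hosts you expect before the login step, and give the new input a `description:` that says so, e.g. `description: Registry host that receives the package writer credentials`. The image name and the push step are outside these hunks, so confirm they use the same host; otherwise the login target and the push target can diverge.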
--- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -30,7 +30,7 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 2d0f5e8f27df1511b84a0882af640dc25300947e Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 16:40:05 +0200 Subject: [PATCH 3/9] refine tagging policies --- .github/workflows/build-monorepo.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 5929eca..2d5923d 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -30,6 +30,8 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true - name: Print (debug) Docker meta JSON From 0efcb3241a254f756d846c41b133367b1e803c14 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 16:51:51 +0200 Subject: [PATCH 4/9] update --- .github/workflows/build-monorepo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 2d5923d..12888db 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml 
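Review bot: The pattern added in the `@@ -30,7 +30,7 @@` hunk of PATCH 2/9, `.*v(\\d+\\.\\d+\\.\\d+).*`, uses doubled backslashes inside a `tags: |` literal block, where YAML does no escape processing. Assuming the action compiles the value as a regular expression, `\\d` matches a literal backslash followed by `d` rather than a digit, so the rule would never match a real tag. Write it with single backslashes, `pattern=.*v(\d+\.\d+\.\d+).*`, or remove the line. PATCH 3/9 and 4/9 carry this line forward as unchanged context, so it is still present at the end of the series.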
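Review bot: Both `type=match` rules added in the `@@ -30,6 +30,8 @@` hunk of PATCH 3/9 are unanchored. The leading `.*_?` accepts any prefix because the underscore is optional, and nothing follows the capture group, so a tag such as `foo-v1.2.3.4` still yields `v1.2.3` and moves `latest`. Since these rules decide which refs publish a release tag and `latest`, anchor both ends so the accepted set equals the `_v1.0.0` form the README documents, e.g. `pattern=^.+_(v\d+\.\d+\.\d+(?:-[\w.-]+)?)$`; this assumes the action applies the pattern as an ordinary regular expression. The `\d` inside `[\w\d.-]` is redundant. The `v(\d+...)` patterns added to build.yaml in PATCH 6/9 have the same gap.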
@@ -30,7 +30,7 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=,optional=true type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true From 4c742dcf065dd9118be6fe8648fe001227163a80 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:26:18 +0200 Subject: [PATCH 5/9] chore: upate latest tag policy on standalone build --- .github/workflows/build.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 429eeac..df9c2a2 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -28,8 +28,6 @@ jobs: type=ref,event=branch,branch=dev,value=dev,optional=true type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true type=match,event=tag,pattern=v(.*),value=latest,optional=true - flavor: | - latest=false - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 0b09b4159c28bc7a4081375f70564ec51c8a0d98 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:35:13 +0200 Subject: [PATCH 6/9] feat: harden tag pattern matches on standalone versions --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index df9c2a2..409c2e7 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -26,8 +26,8 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true - type=match,event=tag,pattern=v(.*),value=latest,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 3a578df79edbb009bbb500b6d7f0f100e4a47b03 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:38:30 +0200 Subject: [PATCH 7/9] chore: update readme --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 8d40f7b..809ffde 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,20 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Tagging + +Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. + +#### Standalone + +- v1.0.0 +- v1.0.0- + +#### Monorepo + +- \_v1.0.0 +- \_v1.0.0- + Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. ### `Build` From eee3e692e33890204fe66a63beebbaf868eb0bb4 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:42:06 +0200 Subject: [PATCH 8/9] chore: update readme --- README.md | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 809ffde..47d0f65 100644 --- a/README.md +++ b/README.md 
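Review bot: The `value=latest` rule added in the build.yaml hunk of PATCH 6/9 publishes `latest` for every tag the pattern accepts, and the pattern accepts a pre-release suffix through `(?:-[\w\d.-]+)?`. Pushing `v2.0.0-rc.1` would therefore repoint `latest` at a release candidate. If `latest` is meant to track stable releases only, give that rule its own anchored pattern without the suffix group, e.g. `pattern=^v(\d+\.\d+\.\d+)$`. The monorepo `value=latest` rule added in PATCH 3/9 has the same shape.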
@@ -8,6 +8,10 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Docker / Container build + +Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. + ### Tagging Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. @@ -15,20 +19,20 @@ Only tags following the specified patterns will be considered within container t #### Standalone - v1.0.0 -- v1.0.0- +- v1.0.0-\ #### Monorepo - \_v1.0.0 -- \_v1.0.0- +- \_v1.0.0-\ -Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. +### Pipelines -### `Build` +#### `Build` A standard single-repository project with a `package.json` file located at the root, managing dependencies for the entire project. -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -36,13 +40,13 @@ Setuped on org or repo level. | ------------ | --------------- | -------- | | `IMAGE_PATH` | Image base path | ✓ | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. 
@@ -51,11 +55,11 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a | `PACKAGE_WRITE_TOKEN` | Accesstoken of the package writer | ✓ | | `FONTAWESOME_PACKAGE_TOKEN` | Fontawesome Pro library token (Only needed if FA in use ) | | -### `Build-Monorepo` +#### `Build-Monorepo` A monorepo project based on Turborepo, with individual projects located under the `/apps/` directory. -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -65,14 +69,14 @@ Setuped on org or repo level. | `TURBO_TEAM` | Turbo repo team ID | | | `TURBO_API` | Turbo repo api url | | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | | `PROJECT_ID` | ID of the projcet | ✓ | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. @@ -84,11 +88,13 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a ## .Github Workflows: Linting, type checking, code analyzis, dependency tracking -### `Lint` +### Pipelines + +#### `Lint` Linting, type checking, sonarqube, dependency tracking, any testing -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -98,7 +104,7 @@ Setuped on org or repo level. | `TURBO_API` | Turbo repo api url (only applicable on monorepos) | | | `SONAR_HOST_URL` | Sonarqube Host (required if sonarqube is enabled) | | -##### Inputs +###### Inputs | Key | Description | Required | | -------------------- | ---------------------------------------------------------------------------------- | -------- | 
@@ -109,7 +115,7 @@ Setuped on org or repo level. | `LINT_SCRIPT` | Script which runs eslint; default: `yarn run lint` | | | `CHECK_TYPES_SCRIPT` | Script which runs tsc type checking: `yarn run check-types` | | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. From 4efaa235c7e9a4e292a1767549d901ca0fa40d7b Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Mon, 27 Oct 2025 12:47:28 +0100 Subject: [PATCH 9/9] enable turbo caching on the linting --- .github/workflows/lint.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5e219e1..fff5418 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -41,6 +41,10 @@ jobs: env: NO_YARN_POSTINSTALL: 1 FONTAWESOME_PACKAGE_TOKEN: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }} + TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} + TURBO_API: ${{ vars.TURBO_API }} + TURBO_TEAM: ${{ vars.TURBO_TEAM }} + TURBO_URL: ${{ vars.TURBO_URL }} steps: - name: Checkout repository uses: actions/checkout@v5
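Review bot: `TURBO_TOKEN` is added to the job-level `env` in the lint.yaml hunk, so every step in the job can read the remote-cache credential, including dependency install, the caller-supplied lint and type-check scripts, and any third-party action. Scope it to the steps that actually invoke turbo by moving the four `TURBO_*` entries into those steps' own `env:` blocks; the steps are outside this hunk. If this workflow also runs for branches or pull requests you do not fully trust, prefer a read-only cache token there or enable Turborepo's signed remote-cache artifacts, since a writable shared cache lets one run influence the outputs of later ones. `TURBO_URL` does not appear in the README variable tables shown on this page; document it or drop it if unused.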