diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 818c6a8..12888db 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -8,6 +8,10 @@ on: PROJECT_ID: required: true type: string + DOCKER_REGISTRY: + required: false + type: string + default: git.kvant.cloud jobs: build_and_push: @@ -26,10 +30,12 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true + type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true - name: Print (debug) Docker meta JSON - uses: https://github.com/actions/github-script@v7 + uses: https://github.com/actions/github-script@v8 with: script: | const json = JSON.parse(process.env.JSON_STRING); @@ -45,7 +51,7 @@ jobs: - name: Login into gitea registry uses: docker/login-action@v3 with: - registry: git.kvant.cloud + registry: ${{ inputs.DOCKER_REGISTRY }} username: ${{ inputs.PACKAGE_WRITER_USERNAME }} password: ${{ secrets.PACKAGE_WRITER_TOKEN }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 999f29d..409c2e7 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,6 +5,10 @@ on: PACKAGE_WRITER_USERNAME: required: true type: string + DOCKER_REGISTRY: + required: false + type: string + default: git.kvant.cloud jobs: build_and_push: runs-on: ubuntu-latest 
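Review bot: `PACKAGE_WRITER_TOKEN` is now sent to whatever host the caller passes as `DOCKER_REGISTRY` (the `registry: ${{ inputs.DOCKER_REGISTRY }}` line in the login step of build-monorepo.yaml, and the same change in build.yaml), and nothing in the visible hunks ties that host to the image name that is pushed afterwards. The `images:` value of the metadata step lies outside these hunks; if it still carries the registry host (the README describes `IMAGE_PATH` as the image base path), a caller that overrides the input logs in to one registry and pushes to another. I would add a `description:` to the input in both files, for example `description: Registry host that receives the package writer credentials; must match the host in IMAGE_PATH`, and list `DOCKER_REGISTRY` in the README inputs tables, where the visible README hunks do not mention it.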
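Review bot: The third added `type=match` line in build-monorepo.yaml (`@@ -26,10 +30,12 @@`) escapes its backslashes twice (`\\d+\\.\\d+`), while the two lines above it use `\d`; inside the `tags: |` block scalar backslashes are literal, so as written this pattern asks for a backslash character and presumably never matches a tag. Either drop the line or write it like the other two. Separately, the `value=latest` line accepts the optional `(?:-[\w\d.-]+)?` suffix, so a pre-release tag such as `v1.2.3-rc.1` (constructed example) also moves `latest`; the same holds for the `value=latest` line in build.yaml. If `latest` should follow stable releases only, that line's pattern could stop at the patch number, e.g. `pattern=.*_?(v\d+\.\d+\.\d+)$,value=latest`, assuming the action applies the pattern as an unanchored regular expression.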
@@ -22,13 +26,11 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true - type=match,event=tag,pattern=v(.*),value=latest,optional=true - flavor: | - latest=false + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true - name: Print (debug) Docker meta JSON - uses: https://github.com/actions/github-script@v7 + uses: https://github.com/actions/github-script@v8 with: script: | const json = JSON.parse(process.env.JSON_STRING); @@ -38,13 +40,18 @@ jobs: console.log(JSON.stringify(json, null, 2)); console.log(""); console.log("------------------------------------------------------------"); + console.log("Container meta runtime env:") + console.log("IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}") + console.log("VCS_REF: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}") + console.log("BUILD_DATE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}") + console.log("------------------------------------------------------------"); env: JSON_STRING: ${{ steps.meta.outputs.json }} - name: Login into gitea registry uses: docker/login-action@v3 with: - registry: git.kvant.cloud + registry: ${{ inputs.DOCKER_REGISTRY }} username: ${{ inputs.PACKAGE_WRITER_USERNAME }} password: ${{ secrets.PACKAGE_WRITER_TOKEN }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 443dc81..fff5418 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
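Review bot: Removing `flavor: latest=false` in build.yaml (`@@ -22,13 +26,11 @@`) hands the `latest` decision back to the action's default flavor, which as far as I know is `latest=auto` and adds `latest` on its own for matching tag events. Together with the explicit `value=latest` rule that leaves two sources for the same mutable tag, and the workflow no longer shows which one is intended. I would keep `flavor: |` with `latest=false` so that `latest` is produced only by the explicit rule, or drop the explicit rule and add a comment that the default flavor is relied on.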
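Review bot: The three added `console.log` lines in the debug step of build.yaml (`@@ -38,13 +40,18 @@`) paste `${{ fromJSON(steps.meta.outputs.json).labels[...] }}` into the JavaScript source before it runs, so a quote or backslash in a label value would change the script rather than the output. The version label is derived from the ref name, which whoever pushes a tag or branch controls; the metadata action may sanitise it, but the step should not depend on that. The step already parses the same JSON from `process.env.JSON_STRING` into `json`, so the values can be read as data: `console.log("IMAGE_TAG: " + json.labels["org.opencontainers.image.version"]);`, and likewise for `VCS_REF` and `BUILD_DATE`. The script body starts above this hunk.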
@@ -17,7 +17,23 @@ on: TEST_SCRIPT: required: false type: string - default: yarn run test --ci --passWithNoTests --coverage + default: yarn run test + LINT_SCRIPT: + required: false + type: string + default: yarn run lint + CHECK_TYPES_SCRIPT: + required: false + type: string + default: yarn run check-types + INSTALL_SCRIPT: + required: false + type: string + default: yarn install --immutable --inline-builds + NODE_VERSION: + required: false + type: string + default: "24" jobs: linting_type_checking: @@ -25,14 +41,18 @@ jobs: env: NO_YARN_POSTINSTALL: 1 FONTAWESOME_PACKAGE_TOKEN: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }} + TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} + TURBO_API: ${{ vars.TURBO_API }} + TURBO_TEAM: ${{ vars.TURBO_TEAM }} + TURBO_URL: ${{ vars.TURBO_URL }} steps: - name: Checkout repository uses: actions/checkout@v5 - name: Set up Node.js and Corepack - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: - node-version: "22" + node-version: ${{ inputs.NODE_VERSION }} - name: Enable Corepack run: | @@ -40,7 +60,7 @@ jobs: - name: Install dependencies run: | - yarn install --immutable --inline-builds + ${{ inputs.INSTALL_SCRIPT }} - name: Setup repostitory run: | @@ -48,11 +68,11 @@ jobs: - name: Lint source code (eslint) run: | - yarn run lint --max-warnings=0 + ${{ inputs.LINT_SCRIPT }} - name: Static type checking (TypeScript) run: | - yarn run check-types + ${{ inputs.CHECK_TYPES_SCRIPT }} - name: Run tests if: ${{ inputs.TESTS_ENABLED == true }} @@ -60,7 +80,7 @@ jobs: ${{ inputs.TEST_SCRIPT }} - name: Static code analysis with SonarQube - uses: https://github.com/SonarSource/sonarqube-scan-action@v5 + uses: https://github.com/SonarSource/sonarqube-scan-action@v6 if: ${{ inputs.SONARQUBE_ENABLED == true }} env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/README.md b/README.md index 716d225..47d0f65 100644 --- a/README.md +++ b/README.md 
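Review bot: `INSTALL_SCRIPT`, `LINT_SCRIPT` and `CHECK_TYPES_SCRIPT` (declared in `@@ -17,7 +17,23 @@`) are expanded straight into `run:` blocks in hunks `@@ -40,7 +60,7 @@` and `@@ -48,11 +68,11 @@`, in a job whose environment holds `FONTAWESOME_PACKAGE_TOKEN` and `TURBO_TOKEN`, so whatever a caller passes runs as shell with those tokens readable. That is acceptable for a reusable workflow only while callers pass fixed strings; I would state it on each input, e.g. `description: Shell command run with the job secrets in its environment; pass a literal, never a value taken from a branch name, PR title or other event data`. An override of `INSTALL_SCRIPT` can also drop `--immutable`, which removes the lockfile check from CI. `INSTALL_SCRIPT` and `NODE_VERSION` are missing from the README inputs table that this commit updates.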
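Review bot: `TURBO_TOKEN` is added to the job-level `env` in lint.yaml (`@@ -25,14 +41,18 @@`), which exposes it to every step of the job, including the caller-supplied script steps and the third-party SonarQube action further down. Only the steps that invoke Turborepo need it; which ones those are is not visible here, so this is a suggestion to confirm: move `TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}` into a step-level `env:` on the lint, type-check and test steps. In the same hunk `actions/setup-node@v6` is referenced by a movable tag; pinning the actions in this job to a full commit SHA would keep a retagged release from running with these secrets.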
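Review bot: The lint step in lint.yaml (`@@ -48,11 +68,11 @@`) no longer passes `--max-warnings=0`, and the new `LINT_SCRIPT` default is plain `yarn run lint`, so repositories that relied on the shared workflow for that gate now pass with ESLint warnings unless their own `lint` script sets the flag. If the stricter gate is meant to stay, carry it in the input default: `default: yarn run lint --max-warnings=0`. The `TEST_SCRIPT` default loses `--ci --passWithNoTests --coverage` in the same commit, which would also stop producing a coverage report for the SonarQube step, assuming that step consumes one.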
@@ -8,36 +8,60 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Docker / Container build + Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. -### `Build Standalone` +### Tagging + +Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. + +#### Standalone + +- v1.0.0 +- v1.0.0-\ + +#### Monorepo + +- \_v1.0.0 +- \_v1.0.0-\ + +### Pipelines + +#### `Build` A standard single-repository project with a `package.json` file located at the root, managing dependencies for the entire project. -##### Vars (inherited) +###### Vars (inherited) + +Setuped on org or repo level. | Key | Description | Required | | ------------ | --------------- | -------- | | `IMAGE_PATH` | Image base path | ✓ | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | -##### Secrets +###### Secrets + +Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. | Key | Description | Required | | --------------------------- | --------------------------------------------------------- | -------- | | `PACKAGE_WRITE_TOKEN` | Accesstoken of the package writer | ✓ | | `FONTAWESOME_PACKAGE_TOKEN` | Fontawesome Pro library token (Only needed if FA in use ) | | -### `Build Monorepo` +#### `Build-Monorepo` A monorepo project based on Turborepo, with individual projects located under the `/apps/` directory. -##### Vars (inherited) +###### Vars (inherited) + +Setuped on org or repo level. 
| Key | Description | Required | | ----------------- | ------------------ | -------- | @@ -45,14 +69,16 @@ A monorepo project based on Turborepo, with individual projects located under th | `TURBO_TEAM` | Turbo repo team ID | | | `TURBO_API` | Turbo repo api url | | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | | `PROJECT_ID` | ID of the projcet | ✓ | -##### Secrets +###### Secrets + +Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. | Key | Description | Required | | --------------------------- | -------------------------------------------------- | -------- | @@ -62,11 +88,15 @@ A monorepo project based on Turborepo, with individual projects located under th ## .Github Workflows: Linting, type checking, code analyzis, dependency tracking -### `Lint` +### Pipelines + +#### `Lint` Linting, type checking, sonarqube, dependency tracking, any testing -##### Vars (inherited) +###### Vars (inherited) + +Setuped on org or repo level. | Key | Description | Required | | ---------------- | ------------------------------------------------- | -------- | 
@@ -74,18 +104,20 @@ Linting, type checking, sonarqube, dependency tracking, any testing | `TURBO_API` | Turbo repo api url (only applicable on monorepos) | | | `SONAR_HOST_URL` | Sonarqube Host (required if sonarqube is enabled) | | -##### Inputs +###### Inputs -| Key | Description | Required | -| ------------------- | ---------------------------------------------------------------------------------- | -------- | -| `SONARQUBE_ENABLED` | Send source to sonarqube for code analysis; default: `false` | | -| `TESTS_ENABLED` | Enable test suites; default: `false` | | -| `SETUP_REPO_SCRIPT` | Script which runs after install for setting up the repo; default: `yarn run setup` | | -| `TEST_SCRIPT` | Script which runs when tests are enabled; default: `yarn run test:coverage:lcov` | | +| Key | Description | Required | +| -------------------- | ---------------------------------------------------------------------------------- | -------- | +| `SONARQUBE_ENABLED` | Send source to sonarqube for code analysis; default: `false` | | +| `TESTS_ENABLED` | Enable test suites; default: `false` | | +| `SETUP_REPO_SCRIPT` | Script which runs after install for setting up the repo; default: `yarn run setup` | | +| `TEST_SCRIPT` | Script which runs when tests are enabled; default: `yarn run test` | | +| `LINT_SCRIPT` | Script which runs eslint; default: `yarn run lint` | | +| `CHECK_TYPES_SCRIPT` | Script which runs tsc type checking: `yarn run check-types` | | -TEST_SCRIPT +###### Secrets -##### Secrets +Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. | Key | Description | Required | | --------------------------- | ----------------------------------------------------------- | -------- |