From 675980904045a49380efa2df96ca892256eed6ce Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Wed, 22 Oct 2025 22:53:03 +0200 Subject: [PATCH 01/21] chore: update readme --- README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 716d225..747c3fc 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ A standard single-repository project with a `package.json` file located at the r ##### Vars (inherited) +Setuped on org or repo level. + | Key | Description | Required | | ------------ | --------------- | -------- | | `IMAGE_PATH` | Image base path | ✓ | @@ -28,6 +30,8 @@ A standard single-repository project with a `package.json` file located at the r ##### Secrets +Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. + | Key | Description | Required | | --------------------------- | --------------------------------------------------------- | -------- | | `PACKAGE_WRITE_TOKEN` | Accesstoken of the package writer | ✓ | @@ -39,6 +43,8 @@ A monorepo project based on Turborepo, with individual projects located under th ##### Vars (inherited) +Setuped on org or repo level. + | Key | Description | Required | | ----------------- | ------------------ | -------- | | `IMAGE_BASE_PATH` | Image base path | ✓ | @@ -54,6 +60,8 @@ A monorepo project based on Turborepo, with individual projects located under th ##### Secrets +Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. + | Key | Description | Required | | --------------------------- | -------------------------------------------------- | -------- | | `PACKAGE_WRITE_TOKEN` | Access token of the package writer | ✓ | 
@@ -68,6 +76,8 @@ Linting, type checking, sonarqube, dependency tracking, any testing ##### Vars (inherited) +Setuped on org or repo level. + | Key | Description | Required | | ---------------- | ------------------------------------------------- | -------- | | `TURBO_TEAM` | Turbo repo team ID (only applicable on monorepos) | | @@ -83,10 +93,10 @@ Linting, type checking, sonarqube, dependency tracking, any testing | `SETUP_REPO_SCRIPT` | Script which runs after install for setting up the repo; default: `yarn run setup` | | | `TEST_SCRIPT` | Script which runs when tests are enabled; default: `yarn run test:coverage:lcov` | | -TEST_SCRIPT - ##### Secrets +Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. + | Key | Description | Required | | --------------------------- | ----------------------------------------------------------- | -------- | | `TURBO_TOKEN` | Access token for turbo cache (only applicable on monorepos) | | From 9239fe16e67518054c6397dfd563b01aab2b4853 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Wed, 22 Oct 2025 23:03:21 +0200 Subject: [PATCH 02/21] update --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 747c3fc..54a72cf 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. -### `Build Standalone` +### `Build` A standard single-repository project with a `package.json` file located at the root, managing dependencies for the entire project. 
@@ -37,7 +37,7 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a | `PACKAGE_WRITE_TOKEN` | Accesstoken of the package writer | ✓ | | `FONTAWESOME_PACKAGE_TOKEN` | Fontawesome Pro library token (Only needed if FA in use ) | | -### `Build Monorepo` +### `Build-Monorepo` A monorepo project based on Turborepo, with individual projects located under the `/apps/` directory. From d8523348ce08d0319bc5b0647d2900aca5d9a52b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 22 Oct 2025 22:26:43 +0000 Subject: [PATCH 03/21] ci(github-action)!: Update actions/setup-node action to v6 (renovate) --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 443dc81..c2461a3 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v5 - name: Set up Node.js and Corepack - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "22" From 8422c3301389704a89680631829c2878af816744 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 22 Oct 2025 22:26:45 +0000 Subject: [PATCH 04/21] ci(github-action)!: Update https://github.com/SonarSource/sonarqube-scan-action action to v6 (renovate) --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 443dc81..afaa7b6 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -60,7 +60,7 @@ jobs: ${{ inputs.TEST_SCRIPT }} - name: Static code analysis with SonarQube - uses: https://github.com/SonarSource/sonarqube-scan-action@v5 + uses: https://github.com/SonarSource/sonarqube-scan-action@v6 if: ${{ inputs.SONARQUBE_ENABLED == true }} env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 7ee2574b7557d2783be541bf61c7867cc213ab29 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 22 Oct 2025 22:26:47 +0000 Subject: [PATCH 05/21] ci(github-action)!: Update https://github.com/actions/github-script action to v8 (renovate) --- .github/workflows/build-monorepo.yaml | 2 +- .github/workflows/build.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 818c6a8..15df981 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -29,7 +29,7 @@ jobs: type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true - name: Print (debug) Docker meta JSON - uses: https://github.com/actions/github-script@v7 + uses: https://github.com/actions/github-script@v8 with: script: | const json = JSON.parse(process.env.JSON_STRING); diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 999f29d..eec63f6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -28,7 +28,7 @@ jobs: latest=false - name: Print (debug) Docker meta JSON - uses: https://github.com/actions/github-script@v7 + uses: https://github.com/actions/github-script@v8 with: script: | const json = JSON.parse(process.env.JSON_STRING); From e9ceac2b4b9619592bc2ec36c63716e0d56fcaf4 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 09:02:35 +0200 Subject: [PATCH 06/21] extend functionality --- .github/workflows/lint.yaml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 443dc81..cb7963f 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -18,6 +18,22 @@ on: required: false type: string default: yarn run test --ci --passWithNoTests --coverage + LINT_SCRIPT: + required: false + type: string + default: yarn run lint --max-warnings=0 + TYPE_CHECKING_SCRIPT: + required: false + type: string + default: yarn run check-types + INSTALL_SCRIPT: + required: false + type: string + default: yarn install --immutable --inline-builds + NODE_VERSION: + required: false + type: string + default: "24" jobs: linting_type_checking: @@ -32,7 +48,7 @@ jobs: - name: Set up Node.js and Corepack uses: actions/setup-node@v4 with: - node-version: "22" + node-version: ${{ inputs.NODE_VERSION }} - name: Enable Corepack run: | @@ -40,7 +56,7 @@ jobs: - name: Install dependencies run: | - yarn install --immutable --inline-builds + ${{ inputs.INSTALL_SCRIPT }} - name: Setup repostitory run: | @@ -48,11 +64,11 @@ jobs: - name: Lint source code (eslint) run: | - yarn run lint --max-warnings=0 + ${{ inputs.LINT_SCRIPT }} - name: Static type checking (TypeScript) run: | - yarn run check-types + ${{ inputs.TYPE_CHECKING_SCRIPT }} - name: Run tests if: ${{ inputs.TESTS_ENABLED == true }} From 0501a2fd557e09e6513b57d512ad05ab47365668 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 09:06:52 +0200 Subject: [PATCH 07/21] chore: update readme --- .github/workflows/lint.yaml | 8 ++++---- README.md | 14 ++++++++------ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index cb7963f..4278258 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -17,12 +17,12 @@ on: TEST_SCRIPT: required: false type: string - default: yarn run test --ci --passWithNoTests --coverage + default: yarn run test LINT_SCRIPT: required: false type: string - default: yarn run lint --max-warnings=0 - TYPE_CHECKING_SCRIPT: + default: yarn run lint + CHECK_TYPES_SCRIPT: required: false type: string default: yarn run check-types 
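Review bot: In patch 06 the `run:` bodies of the install, lint and type-check steps become `${{ inputs.INSTALL_SCRIPT }}`, `${{ inputs.LINT_SCRIPT }}` and `${{ inputs.TYPE_CHECKING_SCRIPT }}`, so whatever the calling workflow passes is pasted into the script text before the shell parses it, in a job whose `env:` (per the context lines of patch 21) holds `FONTAWESOME_PACKAGE_TOKEN`. That is the intent for a script input, but nothing on the inputs says so; I would add a `description:` to each, e.g. `description: Shell command run verbatim; pass a static string, never a value built from branch names, PR titles or other event data`. The echo lines added in patches 09 and 10 interpolate the same inputs inside double-quoted strings and inherit the same property. The new `NODE_VERSION` default of `"24"` also moves existing callers off the previously hard-coded `"22"` without them opting in. The job and step blocks start and end outside these hunks.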
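Review bot: In patch 07 the new defaults drop the gating flags: `LINT_SCRIPT` goes from `yarn run lint --max-warnings=0` to `yarn run lint`, and `TEST_SCRIPT` loses `--ci --passWithNoTests --coverage`. Unless each consuming repository's own `lint` script already fails on warnings, callers relying on the default now pass with warnings that failed the job before. If the shorter default is wanted, say so on the input, e.g. `description: Lint command; the default does not enforce --max-warnings=0`. The rename of `TYPE_CHECKING_SCRIPT` to `CHECK_TYPES_SCRIPT` breaks any caller that already set the old name, and `${{ inputs.CHECK_TYPES_SCRIPT}}` in the second hunk is missing the space before `}}` that the other steps use.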
@@ -68,7 +68,7 @@ jobs: - name: Static type checking (TypeScript) run: | - ${{ inputs.TYPE_CHECKING_SCRIPT }} + ${{ inputs.CHECK_TYPES_SCRIPT}} - name: Run tests if: ${{ inputs.TESTS_ENABLED == true }} diff --git a/README.md b/README.md index 54a72cf..8d40f7b 100644 --- a/README.md +++ b/README.md @@ -86,12 +86,14 @@ Setuped on org or repo level. ##### Inputs -| Key | Description | Required | -| ------------------- | ---------------------------------------------------------------------------------- | -------- | -| `SONARQUBE_ENABLED` | Send source to sonarqube for code analysis; default: `false` | | -| `TESTS_ENABLED` | Enable test suites; default: `false` | | -| `SETUP_REPO_SCRIPT` | Script which runs after install for setting up the repo; default: `yarn run setup` | | -| `TEST_SCRIPT` | Script which runs when tests are enabled; default: `yarn run test:coverage:lcov` | | +| Key | Description | Required | +| -------------------- | ---------------------------------------------------------------------------------- | -------- | +| `SONARQUBE_ENABLED` | Send source to sonarqube for code analysis; default: `false` | | +| `TESTS_ENABLED` | Enable test suites; default: `false` | | +| `SETUP_REPO_SCRIPT` | Script which runs after install for setting up the repo; default: `yarn run setup` | | +| `TEST_SCRIPT` | Script which runs when tests are enabled; default: `yarn run test` | | +| `LINT_SCRIPT` | Script which runs eslint; default: `yarn run lint` | | +| `CHECK_TYPES_SCRIPT` | Script which runs tsc type checking: `yarn run check-types` | | ##### Secrets From 96cb5c8ca56df2e842bac9189bf6e669cf7c41c0 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 09:51:45 +0200 Subject: [PATCH 08/21] update --- .github/workflows/build.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index eec63f6..a0b064a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -38,6 +38,11 @@ jobs: console.log(JSON.stringify(json, null, 2)); console.log(""); console.log("------------------------------------------------------------"); + console.log("Container meta runtime env:") + console.log("IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}") + console.log("VCS_REF: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}") + console.log("BUILD_DATE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}") + console.log("------------------------------------------------------------"); env: JSON_STRING: ${{ steps.meta.outputs.json }} From 94b3548ec82294b27f68fad718c8702c9c11f03a Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 10:00:06 +0200 Subject: [PATCH 09/21] upate --- .github/workflows/lint.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 14dced5..1a057c7 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -56,6 +56,10 @@ jobs: - name: Install dependencies run: | + echo "--------------------------------------------------------------------" + echo "Install dependencies" + echo script: "${{ inputs.INSTALL_SCRIPT }}" + echo "--------------------------------------------------------------------" ${{ inputs.INSTALL_SCRIPT }} - name: Setup repostitory From f4a5e749fa254d37b81b74ec9850b32b7f942305 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 10:03:20 +0200 Subject: [PATCH 10/21] update --- .github/workflows/lint.yaml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 1a057c7..aae6f47 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
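Review bot: In patch 08 the three new `console.log` lines splice `${{ fromJSON(steps.meta.outputs.json).labels[...] }}` into the JavaScript source of the github-script step, so the label text is parsed as code rather than handled as data. A quote or backslash in a label would break the script or change what it does, and the version label is presumably derived from branch and tag names. The step already receives the same JSON through `env: JSON_STRING` and parses it into `json`, so the values can be read at run time instead: `console.log("IMAGE_TAG: " + json.labels['org.opencontainers.image.version'])`, and likewise for `VCS_REF` and `BUILD_DATE`. The script block starts above this hunk.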
@@ -56,27 +56,43 @@ jobs: - name: Install dependencies run: | - echo "--------------------------------------------------------------------" + echo "-----------------------------------------------------------------------------------------------------" echo "Install dependencies" echo script: "${{ inputs.INSTALL_SCRIPT }}" - echo "--------------------------------------------------------------------" + echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.INSTALL_SCRIPT }} - name: Setup repostitory - run: | + run: | + echo "-----------------------------------------------------------------------------------------------------" + echo "Setup repostitory" + echo script: "${{ inputs.SETUP_REPO_SCRIPT }}" + echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.SETUP_REPO_SCRIPT }} - name: Lint source code (eslint) run: | + echo "-----------------------------------------------------------------------------------------------------" + echo "Lint source code (eslint)" + echo script: "${{ inputs.LINT_SCRIPT }}" + echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.LINT_SCRIPT }} - name: Static type checking (TypeScript) run: | - ${{ inputs.CHECK_TYPES_SCRIPT}} + echo "-----------------------------------------------------------------------------------------------------" + echo "Static type checking (TypeScript)" + echo script: "${{ inputs.CHECK_TYPES_SCRIPT }}" + echo "-----------------------------------------------------------------------------------------------------" + ${{ inputs.CHECK_TYPES_SCRIPT }} - name: Run tests if: ${{ inputs.TESTS_ENABLED == true }} run: | + echo "-----------------------------------------------------------------------------------------------------" + echo "Run tests" + echo script: "${{ inputs.TEST_SCRIPT }}" + echo 
"-----------------------------------------------------------------------------------------------------" ${{ inputs.TEST_SCRIPT }} - name: Static code analysis with SonarQube From 3b25dc1c11122f8cbcb5f37e4fcdd0e3f40faa7e Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 10:08:46 +0200 Subject: [PATCH 11/21] update --- .github/workflows/lint.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index aae6f47..b777719 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -58,15 +58,15 @@ jobs: run: | echo "-----------------------------------------------------------------------------------------------------" echo "Install dependencies" - echo script: "${{ inputs.INSTALL_SCRIPT }}" + echo "script: "${{ inputs.INSTALL_SCRIPT }}" echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.INSTALL_SCRIPT }} - name: Setup repostitory - run: | + run: | echo "-----------------------------------------------------------------------------------------------------" echo "Setup repostitory" - echo script: "${{ inputs.SETUP_REPO_SCRIPT }}" + echo "script: "${{ inputs.SETUP_REPO_SCRIPT }}" echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.SETUP_REPO_SCRIPT }} @@ -74,7 +74,7 @@ jobs: run: | echo "-----------------------------------------------------------------------------------------------------" echo "Lint source code (eslint)" - echo script: "${{ inputs.LINT_SCRIPT }}" + echo "script: "${{ inputs.LINT_SCRIPT }}" echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.LINT_SCRIPT }} 
@@ -82,7 +82,7 @@ jobs: run: | echo "-----------------------------------------------------------------------------------------------------" echo "Static type checking (TypeScript)" - echo script: "${{ inputs.CHECK_TYPES_SCRIPT }}" + echo "script: "${{ inputs.CHECK_TYPES_SCRIPT }}" echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.CHECK_TYPES_SCRIPT }} @@ -91,7 +91,7 @@ jobs: run: | echo "-----------------------------------------------------------------------------------------------------" echo "Run tests" - echo script: "${{ inputs.TEST_SCRIPT }}" + echo "script: "${{ inputs.TEST_SCRIPT }}" echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.TEST_SCRIPT }} From 35e11b7a5cb98ae2356c9fc6a1da0e58ed172857 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 10:12:35 +0200 Subject: [PATCH 12/21] update --- .github/workflows/lint.yaml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b777719..5e219e1 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
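Review bot: In patch 11 every rewritten echo line has an odd number of double quotes: `echo "script: "${{ inputs.CHECK_TYPES_SCRIPT }}"` here, the same for `INSTALL_SCRIPT`, `SETUP_REPO_SCRIPT` and `LINT_SCRIPT` in the first hunk, and for `TEST_SCRIPT` in the last. After templating, the trailing quote opens a string that swallows the following lines, so the step most likely fails with a shell syntax error instead of running the script line. Keeping the expansion inside one pair, `echo "script: ${{ inputs.CHECK_TYPES_SCRIPT }}"`, fixes the quoting, though a value containing a double quote would still break it; printing from a step-level `env:` variable avoids that. Patch 12 later removes these lines.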
@@ -56,43 +56,23 @@ jobs: - name: Install dependencies run: | - echo "-----------------------------------------------------------------------------------------------------" - echo "Install dependencies" - echo "script: "${{ inputs.INSTALL_SCRIPT }}" - echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.INSTALL_SCRIPT }} - name: Setup repostitory run: | - echo "-----------------------------------------------------------------------------------------------------" - echo "Setup repostitory" - echo "script: "${{ inputs.SETUP_REPO_SCRIPT }}" - echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.SETUP_REPO_SCRIPT }} - name: Lint source code (eslint) run: | - echo "-----------------------------------------------------------------------------------------------------" - echo "Lint source code (eslint)" - echo "script: "${{ inputs.LINT_SCRIPT }}" - echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.LINT_SCRIPT }} - name: Static type checking (TypeScript) run: | - echo "-----------------------------------------------------------------------------------------------------" - echo "Static type checking (TypeScript)" - echo "script: "${{ inputs.CHECK_TYPES_SCRIPT }}" - echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.CHECK_TYPES_SCRIPT }} - name: Run tests if: ${{ inputs.TESTS_ENABLED == true }} run: | - echo "-----------------------------------------------------------------------------------------------------" - echo "Run tests" - echo "script: "${{ inputs.TEST_SCRIPT }}" - echo "-----------------------------------------------------------------------------------------------------" ${{ inputs.TEST_SCRIPT }} - name: Static code analysis with SonarQube 
From d948827a0ec0ab4c5b3925720a764cb85a20b1ab Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 11:16:19 +0200 Subject: [PATCH 13/21] feat: add dynamic registry optional --- .github/workflows/build-monorepo.yaml | 6 +++++- .github/workflows/build.yaml | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 15df981..5dc26f9 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -8,6 +8,10 @@ on: PROJECT_ID: required: true type: string + DOCKER_REGISTRY: + required: false + type: string + default: git.kvant.cloud jobs: build_and_push: @@ -45,7 +49,7 @@ jobs: - name: Login into gitea registry uses: docker/login-action@v3 with: - registry: git.kvant.cloud + registry: ${{ inputs.DOCKER_REGISTRY }} username: ${{ inputs.PACKAGE_WRITER_USERNAME }} password: ${{ secrets.PACKAGE_WRITER_TOKEN }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a0b064a..429eeac 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,6 +5,10 @@ on: PACKAGE_WRITER_USERNAME: required: true type: string + DOCKER_REGISTRY: + required: false + type: string + default: git.kvant.cloud jobs: build_and_push: runs-on: ubuntu-latest @@ -49,7 +53,7 @@ jobs: - name: Login into gitea registry uses: docker/login-action@v3 with: - registry: git.kvant.cloud + registry: ${{ inputs.DOCKER_REGISTRY }} username: ${{ inputs.PACKAGE_WRITER_USERNAME }} password: ${{ secrets.PACKAGE_WRITER_TOKEN }} From cb2d8f8a3afeb78b01e5ca42d9e6f58973ad6602 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 16:28:47 +0200 Subject: [PATCH 14/21] update --- .github/workflows/build-monorepo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 5dc26f9..5929eca 100644 
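Review bot: In patch 13 `registry: ${{ inputs.DOCKER_REGISTRY }}` lets the caller choose the host that receives `secrets.PACKAGE_WRITER_TOKEN` at login, in both `build-monorepo.yaml` and `build.yaml`, and no step checks the value. A mistyped or unintended registry name therefore gets the package-writer credential sent to it. I would document the input with a `description:` naming the registries it is meant for, and consider a first step that fails unless the value is on an allow-list kept in the workflow. The step is still named `Login into gitea registry`, and the README secrets table lists `PACKAGE_WRITE_TOKEN` while the workflow reads `PACKAGE_WRITER_TOKEN`.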
--- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -30,7 +30,7 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 2d0f5e8f27df1511b84a0882af640dc25300947e Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 16:40:05 +0200 Subject: [PATCH 15/21] refine tagging policies --- .github/workflows/build-monorepo.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 5929eca..2d5923d 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml @@ -30,6 +30,8 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true - name: Print (debug) Docker meta JSON From 0efcb3241a254f756d846c41b133367b1e803c14 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Thu, 23 Oct 2025 16:51:51 +0200 Subject: [PATCH 16/21] update --- .github/workflows/build-monorepo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-monorepo.yaml b/.github/workflows/build-monorepo.yaml index 2d5923d..12888db 100644 --- a/.github/workflows/build-monorepo.yaml +++ b/.github/workflows/build-monorepo.yaml 
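Review bot: In patch 14 the pattern `.*v(\\d+\\.\\d+\\.\\d+).*` sits inside a `tags: |` literal block, where YAML does no escape processing, so the regex receives two backslashes and `\\d` means a literal backslash followed by `d` rather than a digit. The rule would then never match a tag such as `v1.2.3`, and nothing in the hunk would surface that. Single backslashes, `pattern=.*v(\d+\.\d+\.\d+).*`, give the intended expression. The line is still present as context after patches 15 and 16, so it looks left over.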
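Review bot: In patch 15 both new patterns are unanchored, so `.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?)` accepts any tag that merely contains a version-like substring, and the optional suffix means a prerelease tag (a constructed example: `v1.2.3-rc.1`) qualifies for the `latest` rule as well. Anchoring both ends, e.g. `pattern=^(?:.+_)?(v\d+\.\d+\.\d+(?:-[\w.-]+)?)$`, restricts image publishing to the tag shapes the README lists. The standalone patterns added to `build.yaml` in patch 18 are unanchored in the same way. Separately, if this step is docker/metadata-action (its `uses:` line is outside the hunk), `value=` on a `type=match` rule is, as far as I recall, the string the pattern is matched against rather than the emitted tag, so `value=latest` may never produce `latest`; worth checking against the action's documentation.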
@@ -30,7 +30,7 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=,optional=true type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true From 4c742dcf065dd9118be6fe8648fe001227163a80 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:26:18 +0200 Subject: [PATCH 17/21] chore: upate latest tag policy on standalone build --- .github/workflows/build.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 429eeac..df9c2a2 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -28,8 +28,6 @@ jobs: type=ref,event=branch,branch=dev,value=dev,optional=true type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true type=match,event=tag,pattern=v(.*),value=latest,optional=true - flavor: | - latest=false - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 0b09b4159c28bc7a4081375f70564ec51c8a0d98 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:35:13 +0200 Subject: [PATCH 18/21] feat: harden tag pattern matches on standalone versions --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index df9c2a2..409c2e7 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -26,8 +26,8 @@ jobs: tags: | type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true type=ref,event=branch,branch=dev,value=dev,optional=true - type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true - type=match,event=tag,pattern=v(.*),value=latest,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true + type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true - name: Print (debug) Docker meta JSON uses: https://github.com/actions/github-script@v8 From 3a578df79edbb009bbb500b6d7f0f100e4a47b03 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:38:30 +0200 Subject: [PATCH 19/21] chore: update readme --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 8d40f7b..809ffde 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,20 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Tagging + +Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. + +#### Standalone + +- v1.0.0 +- v1.0.0- + +#### Monorepo + +- \_v1.0.0 +- \_v1.0.0- + Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. ### `Build` From eee3e692e33890204fe66a63beebbaf868eb0bb4 Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Fri, 24 Oct 2025 11:42:06 +0200 Subject: [PATCH 20/21] chore: update readme --- README.md | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 809ffde..47d0f65 100644 --- a/README.md +++ b/README.md 
@@ -8,6 +8,10 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T ## .Github Workflows: Build and push containers +### Docker / Container build + +Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. + ### Tagging Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy. @@ -15,20 +19,20 @@ Only tags following the specified patterns will be considered within container t #### Standalone - v1.0.0 -- v1.0.0- +- v1.0.0-\ #### Monorepo - \_v1.0.0 -- \_v1.0.0- +- \_v1.0.0-\ -Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry. +### Pipelines -### `Build` +#### `Build` A standard single-repository project with a `package.json` file located at the root, managing dependencies for the entire project. -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -36,13 +40,13 @@ Setuped on org or repo level. | ------------ | --------------- | -------- | | `IMAGE_PATH` | Image base path | ✓ | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. 
@@ -51,11 +55,11 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a | `PACKAGE_WRITE_TOKEN` | Accesstoken of the package writer | ✓ | | `FONTAWESOME_PACKAGE_TOKEN` | Fontawesome Pro library token (Only needed if FA in use ) | | -### `Build-Monorepo` +#### `Build-Monorepo` A monorepo project based on Turborepo, with individual projects located under the `/apps/` directory. -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -65,14 +69,14 @@ Setuped on org or repo level. | `TURBO_TEAM` | Turbo repo team ID | | | `TURBO_API` | Turbo repo api url | | -##### Inputs +###### Inputs | Key | Description | Required | | ------------------------- | ------------------------------- | -------- | | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓ | | `PROJECT_ID` | ID of the projcet | ✓ | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. @@ -84,11 +88,13 @@ Note: Secrets must be explicitly passed to workflows, even if they are defined a ## .Github Workflows: Linting, type checking, code analyzis, dependency tracking -### `Lint` +### Pipelines + +#### `Lint` Linting, type checking, sonarqube, dependency tracking, any testing -##### Vars (inherited) +###### Vars (inherited) Setuped on org or repo level. @@ -98,7 +104,7 @@ Setuped on org or repo level. | `TURBO_API` | Turbo repo api url (only applicable on monorepos) | | | `SONAR_HOST_URL` | Sonarqube Host (required if sonarqube is enabled) | | -##### Inputs +###### Inputs | Key | Description | Required | | -------------------- | ---------------------------------------------------------------------------------- | -------- | 
@@ -109,7 +115,7 @@ Setuped on org or repo level. | `LINT_SCRIPT` | Script which runs eslint; default: `yarn run lint` | | | `CHECK_TYPES_SCRIPT` | Script which runs tsc type checking: `yarn run check-types` | | -##### Secrets +###### Secrets Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows. From 4efaa235c7e9a4e292a1767549d901ca0fa40d7b Mon Sep 17 00:00:00 2001 From: Thomas Sauter Date: Mon, 27 Oct 2025 12:47:28 +0100 Subject: [PATCH 21/21] enable turbo caching on the linting --- .github/workflows/lint.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5e219e1..fff5418 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -41,6 +41,10 @@ jobs: env: NO_YARN_POSTINSTALL: 1 FONTAWESOME_PACKAGE_TOKEN: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }} + TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} + TURBO_API: ${{ vars.TURBO_API }} + TURBO_TEAM: ${{ vars.TURBO_TEAM }} + TURBO_URL: ${{ vars.TURBO_URL }} steps: - name: Checkout repository uses: actions/checkout@v5
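Review bot: In patch 21 `TURBO_TOKEN` is added to what appears to be the job-level `env:`, which makes the remote-cache token visible to every step of the job, including the caller-supplied script steps and the SonarQube scan action, not only the steps that invoke turbo. Setting it in a step-level `env:` on the lint, type-check and test steps keeps the exposure to where it is used. `TURBO_URL` is read from `vars`, but the README's Vars table for `Lint` documents only `TURBO_TEAM`, `TURBO_API` and `SONAR_HOST_URL`, so either the README or this line needs updating. The job block continues outside the hunk.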