π Release & Docker Build #16
name: π Release & Docker Build

on:
  # Pushes to main start the pipeline, except when every changed file matches
  # one of the ignored paths.
  # NOTE(review): '.github/**' is ignored, so a push that only edits this
  # workflow does not run it. In GitHub's path filters '*' does not cross '/',
  # so '*.md' covers root-level Markdown only; confirm that is the intent.
  push:
    branches:
      - main
    paths-ignore:
      - '.github/**'
      - '*.md'
      - 'docs/**'

  # Pull requests against main run only when build inputs change.
  pull_request:
    branches:
      - main
    paths:
      - 'src/**'
      - 'docker-compose*.yml'
      - '.dockerignore'

  # Manual run; force-release is forwarded to the release job.
  workflow_dispatch:
    inputs:
      force-release:
        description: 'force create release'
        type: boolean
        default: false
# Workflow-level GITHUB_TOKEN scopes. They are the default for every job in
# this file, and no job in this file overrides them.
# NOTE(review): the pull_request jobs only build (`push: false`) yet run with
# the same write scopes as the release jobs. Consider a read-only default
# (`contents: read`) here and granting write scopes per job. For a job that
# calls a reusable workflow, the caller's permissions are the ceiling for the
# called workflow, so check what each template needs before narrowing.
permissions:
  contents: write
  issues: write
  packages: write
  pull-requests: write
  security-events: write
jobs:
  # NOTE(review): every job calls a reusable workflow from
  # bauer-group/automation-templates at the mutable ref `@main`, so the code
  # that runs is whatever that branch points to at run time. The release and
  # build jobs also pass all caller secrets to it via `secrets: inherit`.
  # Pinning each `uses:` to a full commit SHA (`...yml@<full-commit-sha>`)
  # makes the executed code immutable and reviewable.

  # ============================================
  # Validation Jobs
  # ============================================
  validate-compose:
    name: π Validate Docker Compose
    uses: bauer-group/automation-templates/.github/workflows/modules-validate-compose.yml@main
    with:
      # JSON array passed as a string; .env.example supplies the variables.
      compose-files: '["docker-compose.local.yml", "docker-compose.traefik.yml", "docker-compose.traefik-header-auth.yml", "docker-compose.development.yml"]'
      env-file: '.env.example'

  validate-scripts:
    name: π Validate Shell Scripts
    uses: bauer-group/automation-templates/.github/workflows/modules-validate-shellscript.yml@main
    with:
      scan-directory: '.'
      severity: 'error'

  # ============================================
  # Release Job (only on main branch push)
  # ============================================
  release:
    name: π¦ Create Semantic Release
    needs:
      - validate-compose
      - validate-scripts
    # Runs for push and manual dispatch only, and only after both validation
    # jobs succeeded.
    if: |
      (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
      needs.validate-compose.result == 'success' &&
      needs.validate-scripts.result == 'success'
    uses: bauer-group/automation-templates/.github/workflows/modules-semantic-release.yml@main
    with:
      target-branch: 'main'
      dry-run: false
      # `inputs` is empty on push events, so this falls back to false there.
      force-release: ${{ inputs.force-release || false }}
    secrets: inherit

  # ============================================
  # Main Docker Build Jobs
  # ============================================
  # NOTE(review): the three release builds (main, init, backup) push images
  # tagged 'stable' and latest with `security-scan: false`. If that input gates
  # the template's image scan, these images are published unscanned and
  # `security-fail-on: 'CRITICAL'` presumably has no effect. Confirm against
  # docker-build.yml and enable the scan for published images.
  docker-build-release:
    name: π³ Build & Push Main Image
    needs: release
    # Output is compared as a string; builds only when a release was created.
    if: needs.release.outputs.release-created == 'true'
    uses: bauer-group/automation-templates/.github/workflows/docker-build.yml@main
    with:
      deploy-environment: 'production'
      publish-to: 'ghcr'
      ghcr-image-name: 'bauer-group/CS-NocoDB/nocodb'
      docker-image-name: 'bauergroup/nocodb'
      release-version: ${{ needs.release.outputs.version }}
      image-tags: 'stable'
      update-dockerfile-version: true
      auto-tags: true
      latest-tag: true
      dockerfile-path: './src/nocodb/Dockerfile'
      docker-context: './src/nocodb'
      platforms: 'linux/amd64'
      push: true
      security-scan: false
      security-fail-on: 'CRITICAL'
      generate-sbom: true
      sync-dockerhub-readme: true
    secrets: inherit

  # NOTE(review): the three PR jobs (main, init, backup) only build
  # (`push: false`) from a Dockerfile and context taken from the pull request,
  # yet still receive `secrets: inherit`. Confirm the template needs a secret
  # for a non-pushing build; if not, drop the inheritance on these jobs.
  docker-build-pr:
    name: π¨ Validate Docker Build (PR)
    needs:
      - validate-compose
      - validate-scripts
    if: |
      github.event_name == 'pull_request' &&
      needs.validate-compose.result == 'success' &&
      needs.validate-scripts.result == 'success'
    uses: bauer-group/automation-templates/.github/workflows/docker-build.yml@main
    with:
      publish-to: 'ghcr'
      ghcr-image-name: 'bauer-group/CS-NocoDB/nocodb'
      auto-tags: true
      dockerfile-path: './src/nocodb/Dockerfile'
      docker-context: './src/nocodb'
      platforms: 'linux/amd64'
      push: false
      security-scan: false
      security-fail-on: 'CRITICAL'
    secrets: inherit

  # ============================================
  # Init Docker Build Jobs
  # ============================================
  docker-build-init-release:
    name: π³ Build & Push Init Image
    needs: release
    if: needs.release.outputs.release-created == 'true'
    uses: bauer-group/automation-templates/.github/workflows/docker-build.yml@main
    with:
      deploy-environment: 'production'
      publish-to: 'ghcr'
      ghcr-image-name: 'bauer-group/CS-NocoDB/nocodb-init'
      docker-image-name: 'bauergroup/nocodb-init'
      release-version: ${{ needs.release.outputs.version }}
      image-tags: 'stable'
      update-dockerfile-version: true
      auto-tags: true
      latest-tag: true
      dockerfile-path: './src/nocodb-init/Dockerfile'
      docker-context: './src/nocodb-init'
      platforms: 'linux/amd64'
      push: true
      security-scan: false
      security-fail-on: 'CRITICAL'
      generate-sbom: true
      sync-dockerhub-readme: true
    secrets: inherit

  docker-build-init-pr:
    name: π¨ Validate Init Build (PR)
    needs:
      - validate-compose
      - validate-scripts
    if: |
      github.event_name == 'pull_request' &&
      needs.validate-compose.result == 'success' &&
      needs.validate-scripts.result == 'success'
    uses: bauer-group/automation-templates/.github/workflows/docker-build.yml@main
    with:
      publish-to: 'ghcr'
      ghcr-image-name: 'bauer-group/CS-NocoDB/nocodb-init'
      auto-tags: true
      dockerfile-path: './src/nocodb-init/Dockerfile'
      docker-context: './src/nocodb-init'
      platforms: 'linux/amd64'
      push: false
      security-scan: false
      security-fail-on: 'CRITICAL'
    secrets: inherit

  # ============================================
  # Backup Docker Build Jobs
  # ============================================
  docker-build-backup-release:
    name: π³ Build & Push Backup Image
    needs: release
    if: needs.release.outputs.release-created == 'true'
    uses: bauer-group/automation-templates/.github/workflows/docker-build.yml@main
    with:
      deploy-environment: 'production'
      publish-to: 'ghcr'
      ghcr-image-name: 'bauer-group/CS-NocoDB/nocodb-backup'
      docker-image-name: 'bauergroup/nocodb-backup'
      release-version: ${{ needs.release.outputs.version }}
      image-tags: 'stable'
      update-dockerfile-version: true
      auto-tags: true
      latest-tag: true
      dockerfile-path: './src/nocodb-backup/Dockerfile'
      docker-context: './src/nocodb-backup'
      platforms: 'linux/amd64'
      push: true
      security-scan: false
      security-fail-on: 'CRITICAL'
      generate-sbom: true
      sync-dockerhub-readme: true
    secrets: inherit

  docker-build-backup-pr:
    name: π¨ Validate Backup Build (PR)
    needs:
      - validate-compose
      - validate-scripts
    if: |
      github.event_name == 'pull_request' &&
      needs.validate-compose.result == 'success' &&
      needs.validate-scripts.result == 'success'
    uses: bauer-group/automation-templates/.github/workflows/docker-build.yml@main
    with:
      publish-to: 'ghcr'
      ghcr-image-name: 'bauer-group/CS-NocoDB/nocodb-backup'
      auto-tags: true
      dockerfile-path: './src/nocodb-backup/Dockerfile'
      docker-context: './src/nocodb-backup'
      platforms: 'linux/amd64'
      push: false
      security-scan: false
      security-fail-on: 'CRITICAL'
    secrets: inherit