Commit 7f443eb2 authored by Dmitrii Safronov's avatar Dmitrii Safronov Committed by Dmitrii Safronov

ci: workflows

parent 8cb64c6f
+21 −37
name: Docker
---
name: "Docker"

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

on:
"on":
  pull_request:
    branches:
      # Publish PRs as unsigned images.
      - main
  push:
    # branches: [ "main" ]
    tags:
      # Publish semver tags as releases.
    tags: [ 'v*.*.*' ]
  pull_request:
    branches: [ "main" ]
      - 'v*.*.*'

env:
  # Use docker.io for Docker Hub if empty
@@ -19,16 +17,14 @@ env:
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}


jobs:
  build:

  docker:
    name: "Docker"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      # Required for cosign signing
      id-token: write

    steps:
@@ -62,7 +58,7 @@ jobs:
            type=ref,event=pr,suffix=-{{sha}}
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') && !contains(github.ref, '-') }}
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') && !contains(github.ref, '-') }}
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v.') && !contains(github.ref, '-') }}
          flavor: |
            latest=${{ startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') }}

@@ -76,11 +72,6 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-multi-buildx

      # .npmrc
      - name: Create .npmrc
        run: |
          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc

      # Build and push Docker image with Buildx
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
@@ -96,14 +87,6 @@ jobs:
          # More: https://github.com/moby/buildkit#--export-cache-options
          # And: https://github.com/docker/buildx#--cache-tonametypetypekeyvalue
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
          #
          secret-files: |
            npmrc=.npmrc

      # .npmrc
      - name: Delete .npmrc
        run: |
          rm -f .npmrc

      # Temp fix / Disabled on self-hosted runner
      # https://github.com/docker/build-push-action/issues/252
@@ -113,7 +96,7 @@ jobs:
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      # * SIGNING ###############################################################################################
      # * SIGNING ##############################################################

      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
@@ -124,14 +107,15 @@ jobs:
        #   cosign-release: 'v2.2.2'

      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data.  If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # This will only write to the public Rekor transparency log when the
      # Docker repository is public to avoid leaking data. If you would like
      # to publish transparency data even for private images, pass --force to
      # cosign below.
      # https://github.com/sigstore/cosign
      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          COSIGN_EXPERIMENTAL: "true"
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        # This step uses the identity token to provision an ephemeral
        # certificate against the sigstore community Fulcio instance.
        run: echo "${{ steps.meta.outputs.tags }}" | grep -E '^(.+):(.+)-(.+)-(.+)$|^(.+):([0-9]+).([0-9]+).([0-9]+)(.+)$' | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
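Review bot: The `{{major}}` semver tag in the docker/metadata-action `tags:` block (hunk `@@ -62,7 +58,7 @@`) is now effectively always enabled: `startsWith(github.ref, 'refs/tags/v.')` can never be true for a tag such as v0.4.2, so the guard collapses to `!contains(github.ref, '-')` and a floating major-only image tag is published for every 0.x release, while the sibling `{{major}}.{{minor}}` line still tests `'refs/tags/v0.0.'`. The removed line tested `'refs/tags/v0.'`, which is what kept a major-only tag off pre-1.0 releases where the major version does not promise API stability; unless dropping that is intended, the line should read `type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') && !contains(github.ref, '-') }}`. The enclosing metadata step starts and ends outside the hunk.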
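--- a/PATH-NOT-SHOWN-ON-PAGE (create-tag workflow)
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Push [create tag]
-"on":
-  push:
-    branches:
-      - main
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-jobs:
-  merge:
-    name: Push [create tag]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        if: "${{ ! startsWith(github.event.head_commit.message, 'docs: update changelog for ') }}"
-        uses: actions/checkout@v5
-        with:
-          token: ${{ secrets.PAT }}
-          fetch-depth: 0
-
-      - name: Get Next Version
-        if: "${{ ! startsWith(github.event.head_commit.message, 'docs: update changelog for ') }}"
-        id: semver
-        uses: ietf-tools/semver-action@v1.10.2
-        with:
-          token: ${{ github.token }}
-          branch: main
-          noVersionBumpBehavior: silent
-          noNewCommitBehavior: silent
-
-      - name: Update CHANGELOG.md
-        if: "${{ ! startsWith(github.event.head_commit.message, 'docs: update changelog for ') && steps.semver.outputs.next != '' }}"
-        uses: orhun/git-cliff-action@v4
-        with:
-          config: .cliff.git.toml
-          args: --tag ${{ steps.semver.outputs.next }}
-        env:
-          OUTPUT: CHANGELOG.md
-
-      - uses: EndBug/add-and-commit@v9.1.4
-        if: "${{ ! startsWith(github.event.head_commit.message, 'docs: update changelog for ') && steps.semver.outputs.next != '' }}"
-        with:
-          add: 'CHANGELOG.md'
-          commit: --signoff
-          default_author: github_actor
-          fetch: true
-          message: 'docs: update changelog for ${{ steps.semver.outputs.next }}'
-          tag: '${{ steps.semver.outputs.next }} --force'
-          tag_push: '--force'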
+26 −0
name: Push [rebase]
---
name: "Rebase"

"on":
  push:
    branches:
      - main

concurrency:
  group: push-rebase-main
  cancel-in-progress: true

jobs:
  rebase:
    name: Push [rebase]
    name: "Rebase"
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: write
    steps:
      - name: "Rebase all Dependabot's pull requests on every push to the main branch"
        uses: bbeesley/gha-auto-dependabot-rebase@v1.5.217
        env:
          GITHUB_TOKEN: ${{ secrets.PAT }}
      - name: "Rebase all users' pull requests on release push to the main branch"
      - name: "Rebase all non-draft non-dependencies pull requests"
        uses: peter-evans/rebase@v3.1.0
        with:
          base: main
          exclude-drafts: true
          exclude-labels: |
            no-rebase
            dependencies
        if: "${{ startsWith(github.event.head_commit.message, 'docs: update changelog for ') }}"
          exclude-labels: dependencies
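Review bot: The two rebase steps run under different identities and nothing in the file says why: the Dependabot step pushes with `GITHUB_TOKEN: ${{ secrets.PAT }}`, while `peter-evans/rebase@v3.1.0` is given no `token:` input and so presumably relies on the job's default token through the declared `contents: write` / `pull-requests: write` permissions. If the PAT is there so that the rebased PR heads re-trigger workflows (pushes made with the default GITHUB_TOKEN do not start new runs), a comment above the `env:` line such as `# PAT rather than GITHUB_TOKEN so rebased heads re-trigger CI; scope it to this repo with contents + pull-requests write only` would make the split deliberate and pin down the expected token scope. With the old `if:` gone, the second step now rebases every open non-draft PR on every push to main, and `cancel-in-progress: true` can stop a run part-way through that loop; worth confirming that is intended. Which of these lines are new versus context is not recoverable from the rendered section, so treat this as a question about the file as it now stands.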
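--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE (release workflow)
@@ -0,0 +1,33 @@
+---
+name: Release
+
+"on":
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    name: "Release"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    concurrency:
+      group: semantic-release
+      cancel-in-progress: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.SEMANTIC_RELEASE_TOKEN || secrets.GITHUB_TOKEN }}
+
+      - name: Semantic release
+        run: |
+          docker run --rm \
+            --user 1001 \
+            -v ${{ github.workspace }}:/workspace \
+            -w /workspace \
+            -e GITHUB_TOKEN=${{ secrets.SEMANTIC_RELEASE_TOKEN || secrets.GITHUB_TOKEN }} \
+            -e CI=true \
+            ghcr.io/disafronov/semantic-release:latest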
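Review bot: The `Semantic release` step runs `ghcr.io/disafronov/semantic-release:latest`, a mutable tag, and hands that container a token that can write to the repository (`SEMANTIC_RELEASE_TOKEN`, falling back to `GITHUB_TOKEN` under `contents: write`), so whatever is published under `latest` at run time executes with release credentials. Pinning the image by digest (`@sha256:…`; the placeholder below stands for the digest you verify) means a retagged image cannot silently change what the release job runs, and a dependency-update bot can then bump the pin visibly. The token is also interpolated into the `run:` script text via `${{ }}`; declaring it once as step `env:` and passing `-e GITHUB_TOKEN` by name keeps the secret out of the shell script while behaving the same.

```yaml
      - name: Semantic release
        env:
          # declared once here; docker inherits it by name below instead of the
          # secret being expanded into the shell text
          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN || secrets.GITHUB_TOKEN }}
        run: |
          docker run --rm \
            --user 1001 \
            -v ${{ github.workspace }}:/workspace \
            -w /workspace \
            -e GITHUB_TOKEN \
            -e CI=true \
            ghcr.io/disafronov/semantic-release@sha256:<PINNED_IMAGE_DIGEST>
```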
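--- a/PATH-NOT-SHOWN-ON-PAGE (tag-release workflow)
+++ /dev/null
@@ -1,34 +0,0 @@
-name: Tag [release]
-"on":
-  push:
-    tags:
-      - v[0-9]+.[0-9]+.[0-9]+
-jobs:
-  tag_release:
-    name: Tag [release]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-        with:
-          token: ${{ secrets.PAT }}
-          fetch-depth: 0
-
-      - name: Update release description .CHANGELOG.md
-        uses: orhun/git-cliff-action@v4
-        id: changelog-release
-        with:
-          config: .cliff.release.toml
-          args: --current --strip all
-        env:
-          OUTPUT: .CHANGELOG.md
-
-      - name: Create Release
-        uses: ncipollo/release-action@v1.20.0
-        with:
-          allowUpdates: true
-          draft: false
-          makeLatest: true
-          name: ${{ github.ref_name }}
-          body: ${{ steps.changelog-release.outputs.content }}
-          token: ${{ secrets.PAT }}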