vndangkhoa/open-design
1
0
Fork 0
mirror of https://github.com/nexu-io/open-design.git synced 2026-06-01 03:14:35 +07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
open-design/.github/workflows/docker-image.yml
Cursor Agent 708f37dddb
feat(deploy): GitHub Actions workflow for multi-arch image push 
Plan K4 / spec §15.5 / spec §16 Phase 5.

.github/workflows/docker-image.yml builds and pushes
ghcr.io/<owner>/od on three triggers:

  - push to main          → :edge + :sha-<short> + :main-<UTC>
  - tag vX.Y.Z            → :X.Y.Z + :latest + :sha-<short>
  - pull request          → smoke build only (no push)
  - workflow_dispatch     → manual trigger

Multi-arch via QEMU + Buildx (linux/amd64 + linux/arm64).
Authenticates against GHCR via GITHUB_TOKEN with packages:write.
Uses GitHub Actions cache (type=gha) to keep rebuilds fast.

The build-args override to node:24-bookworm-slim that spec §15.1
nominates is intentionally NOT applied yet — the in-tree
deploy/Dockerfile uses alpine + apk for build tooling, and switching
the base needs the apk lines re-cast as apt-get. That's a follow-up;
the canonical alpine image is functionally equivalent for v1.

Co-authored-by: Tom Huang <1043269994@qq.com>
2026-05-09 13:39:17 +00:00

80 lines
2.6 KiB
YAML
Raw Blame History

name: Docker image
# Phase 5 / spec §15.5 — multi-arch image builds.
#
# Pushes to ghcr.io on:
# - main branch → ghcr.io/<owner>/od:edge + :sha-<short>
# - tag (v*) → ghcr.io/<owner>/od:<tag> + :latest
#
# Pull requests build the image but do not push (smoke test only).
on:
push:
branches: [main]
tags: ['v*.*.*']
pull_request:
branches: [main]
workflow_dispatch:
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/od
# spec §15.1 tag scheme:
# - main → :edge + :sha-<short>
# - vX.Y.Z → :X.Y.Z + :latest
# - any branch → :branch-<name>
tags: |
type=ref,event=branch,suffix=-{{date 'YYYYMMDD-HHmmss' tz='UTC'}}
type=ref,event=tag
type=raw,value=edge,enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
type=sha,prefix=sha-,format=short
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
file: deploy/Dockerfile
# spec §15.1 — multi-arch single manifest
platforms: linux/amd64,linux/arm64
# PR builds smoke-test the build only; merges to main /
# tags publish.
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# The in-tree Dockerfile uses node:24-alpine + apk for build
# tooling; we keep that default so the workflow doesn't drift
# from local builds. Spec §15.1 nominates bookworm-slim as
# the canonical base; switching is a follow-up that needs
# the Dockerfile's apk lines re-cast for apt.
cache-from: type=gha
cache-to: type=gha,mode=max
Reference in a new issue View git blame Copy permalink