name: build-and-push on: push: tags: - 'v*' env: REGISTRY: 192.168.30.181:3000 REPO_PATH: wpic-dev/datahub jobs: # ───────────────────────────────────────────────────────────── # Pre-gate: tag must point to a commit reachable from master # ───────────────────────────────────────────────────────────── guard-master-only: runs-on: podman steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Verify tag is on master run: | git fetch origin master:refs/remotes/origin/master if ! git branch -r --contains "${{ gitea.sha }}" | grep -qE '(^|\s)origin/master(\s|$)'; then echo "::error::Tag ${{ gitea.ref_name }} (commit ${{ gitea.sha }}) is NOT on master branch. Refusing to build." exit 1 fi echo "OK: tag ${{ gitea.ref_name }} is on master" # ───────────────────────────────────────────────────────────── # Test gates # ───────────────────────────────────────────────────────────── test-backend: runs-on: podman needs: [guard-master-only] container: image: docker.io/hyperf/hyperf:8.3-alpine-v3.19-swoole steps: - uses: actions/checkout@v4 - name: composer install (incl. dev for phpstan) run: cd backend && composer install --no-interaction --no-progress - name: PHP syntax check (parallel) run: | cd backend && find app config bin migrations -name '*.php' -print0 \ | xargs -0 -n1 -P4 php -l - name: phpstan static analysis run: cd backend && composer analyse test-frontend-build: runs-on: podman needs: [guard-master-only] container: image: docker.io/library/node:22-alpine env: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1' steps: - uses: actions/checkout@v4 - name: npm ci run: cd frontend && npm ci --no-audit --no-fund - name: lint (pre-existing baseline tolerated) run: cd frontend && npm run lint continue-on-error: true - name: type-check (vue-tsc) run: cd frontend && npm run type-check - name: unit tests (pre-existing baseline tolerated) run: cd frontend && npm run test:unit -- --run continue-on-error: true - name: build (vite) run: cd frontend && npm run build - name: upload artifacts uses: actions/upload-artifact@v3 with: name: frontend-build path: | frontend/dist frontend/node_modules test-frontend-e2e: runs-on: podman needs: [test-frontend-build] container: image: mcr.microsoft.com/playwright:v1.60.0-noble steps: - uses: actions/checkout@v4 - name: download artifacts uses: actions/download-artifact@v3 with: name: frontend-build path: frontend - name: playwright smoke (chromium only) run: cd frontend && CI=true npx playwright test --project=chromium # ───────────────────────────────────────────────────────────── # Build & push (4 images, parallel where possible) # ───────────────────────────────────────────────────────────── build-backend: runs-on: podman needs: [test-backend] steps: - uses: actions/checkout@v4 - name: Login to Gitea Registry run: | echo "${{ secrets.DATAHUB_CI_CD }}" | \ podman login -u "${{ gitea.actor }}" --password-stdin ${{ env.REGISTRY }} - name: Build run: | podman build --pull --layers \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/backend:${{ gitea.ref_name }} \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/backend:stable \ -f backend/Dockerfile \ backend/ - name: Push run: | podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/backend:${{ gitea.ref_name }} podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/backend:stable build-frontend: runs-on: podman needs: [test-frontend-e2e] steps: - uses: actions/checkout@v4 - name: Login to Gitea Registry run: | echo "${{ secrets.DATAHUB_CI_CD }}" | \ podman login -u "${{ gitea.actor }}" --password-stdin ${{ env.REGISTRY }} - name: Build run: | podman build --pull --layers \ --ulimit nofile=65536:65536 \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/frontend:${{ gitea.ref_name }} \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/frontend:stable \ -f frontend/Dockerfile \ frontend/ - name: Push run: | podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/frontend:${{ gitea.ref_name }} podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/frontend:stable build-timescaledb2: runs-on: podman needs: [guard-master-only] steps: - uses: actions/checkout@v4 - name: Login to Gitea Registry run: | echo "${{ secrets.DATAHUB_CI_CD }}" | \ podman login -u "${{ gitea.actor }}" --password-stdin ${{ env.REGISTRY }} - name: Build run: | podman build --pull --layers \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/timescaledb2:${{ gitea.ref_name }} \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/timescaledb2:stable \ -f docs/tmp/deploy-ref/ci-cd/03-timescaledb-image/Containerfile \ docs/tmp/deploy-ref/ci-cd/03-timescaledb-image/ - name: Push run: | podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/timescaledb2:${{ gitea.ref_name }} podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/timescaledb2:stable build-rabbitmq3: runs-on: podman needs: [guard-master-only] steps: - uses: actions/checkout@v4 - name: Login to Gitea Registry run: | echo "${{ secrets.DATAHUB_CI_CD }}" | \ podman login -u "${{ gitea.actor }}" --password-stdin ${{ env.REGISTRY }} - name: Build run: | podman build --pull --layers \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/rabbitmq3:${{ gitea.ref_name }} \ -t ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/rabbitmq3:stable \ -f docs/tmp/deploy-ref/ci-cd/04-rabbitmq-image/Containerfile \ docs/tmp/deploy-ref/ci-cd/04-rabbitmq-image/ - name: Push run: | podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/rabbitmq3:${{ gitea.ref_name }} podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/rabbitmq3:stable