name: Release Web on: release: types: [released, prereleased] workflow_dispatch: inputs: ref: description: "Git ref (branch, tag, or SHA) to build" required: false default: "" tag_name: description: "Tag to use for artifacts/images (defaults to )" required: false default: "" attach_to_release: description: "Upload build.tar to an existing GitHub Release (requires tag_name)" required: false type: boolean default: false permissions: contents: write packages: write env: REGISTRY_IMAGE: ghcr.io/${{ github.repository }} jobs: release-web: runs-on: ubuntu-latest steps: - name: Checkout Code uses: actions/checkout@v4 with: # For manual runs, allow building a chosen ref (branch/tag/SHA) ref: ${{ inputs.ref != '' && inputs.ref || github.ref }} - name: Determine tag & latest flag id: meta shell: bash run: | # Determine TAG if [ "${{ github.event_name }}" = "release" ]; then TAG="${{ github.event.release.tag_name }}" # Push "latest" only for full releases (not prereleases) if [ "${{ github.event.release.prerelease }}" = "true" ]; then PUSH_LATEST="false" else PUSH_LATEST="true" fi elif [ -n "${{ inputs.tag_name }}" ]; then TAG="${{ inputs.tag_name }}" PUSH_LATEST="false" else SHA="$(git rev-parse --short=12 HEAD)" TAG="adhoc-${SHA}" PUSH_LATEST="false" fi echo "tag=$TAG" >> "$GITHUB_OUTPUT" echo "push_latest=$PUSH_LATEST" >> "$GITHUB_OUTPUT" echo "Resolved tag: $TAG (push_latest=$PUSH_LATEST)" - name: Setup pnpm uses: pnpm/action-setup@v4 with: version: latest - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm cache-dependency-path: '**/pnpm-lock.yaml' - name: Install dependencies run: pnpm install --frozen-lockfile - name: Build web package working-directory: packages/web run: pnpm run build - name: Build web package working-directory: packages/web run: pnpm run build - name: Create Web App Release Archive working-directory: packages/web run: pnpm run package - name: Upload Web App Archive (artifact) uses: actions/upload-artifact@v4 with: name: web-build-${{ steps.meta.outputs.tag }} if-no-files-found: error path: packages/web/dist/build.tar - name: Attach Web Archive to GitHub Release if: ${{ github.event_name == 'release' || inputs.attach_to_release == true }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} shell: bash run: | if [ "${{ github.event_name }}" = "release" ]; then TAG="${{ steps.meta.outputs.tag }}" else if [ -z "${{ inputs.tag_name }}" ]; then echo "attach_to_release requested but no tag_name provided." >&2 exit 1 fi TAG="${{ inputs.tag_name }}" fi gh release upload "$TAG" packages/web/dist/build.tar --clobber - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Compute image tags id: tags shell: bash run: | if [ "${{ steps.meta.outputs.push_latest }}" = "true" ]; then echo "list=latest, ${{ steps.meta.outputs.tag }}" >> "$GITHUB_OUTPUT" else echo "list=${{ steps.meta.outputs.tag }}" >> "$GITHUB_OUTPUT" fi TAGS="latest, ${{ steps.meta.outputs.tag }}" else TAGS="${{ steps.meta.outputs.tag }}" fi echo "list=$TAGS" >> "$GITHUB_OUTPUT" echo "Using image tags: $TAGS" - name: Build Container Image id: build-container uses: redhat-actions/buildah-build@v2 with: containerfiles: | ./packages/web/infra/Containerfile image: ${{ env.REGISTRY_IMAGE }} tags: ${{ steps.tags.outputs.list }} oci: true platforms: linux/amd64, linux/arm64 - name: Push Container to GHCR id: push-to-registry uses: redhat-actions/push-to-registry@v2 with: image: ${{ steps.build-container.outputs.image }} tags: ${{ steps.build-container.outputs.tags }} registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Output Image URL run: echo "🖼️ Image pushed to ${{ steps.push-to-registry.outputs.registry-paths }}"