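# Release workflow: on a pushed "v*" tag, build the multi-arch container
# image, push it to Docker Hub and ghcr.io, attest build provenance for the
# ghcr.io image, then build and publish the versioned docs with mike.
name: Production

on:
  workflow_dispatch:
  push:
    tags:
      - "v*"

# This workflow does not support fixing old versions
# as this will break the latest and major tags

# NOTE(security): every action below is referenced by a mutable
# major-version tag. Pinning each `uses:` to a reviewed full commit SHA
# (with the version in a trailing comment) keeps a retagged release from
# changing what runs next to the registry credentials.

jobs:
  container-image-build-push:
    name: Build and Push container Image
    # A job needs a runner; same runner as the docs job below.
    runs-on: ubuntu-latest
    # Both conditions also apply to manual (workflow_dispatch) runs, so a
    # dispatch from a branch is skipped and forks never publish.
    if: |
      github.repository_owner == 'wg-easy' &&
      startsWith(github.ref, 'refs/tags/v')
    # Declaring any scope sets all unlisted scopes to "none", so every
    # scope the steps rely on has to be listed here.
    permissions:
      contents: read  # actions/checkout
      packages: write  # push image and attestation to ghcr.io
      attestations: write  # store the provenance attestation
      id-token: write  # OIDC token used to sign the attestation
    steps:
      - uses: actions/checkout@v5

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          # TODO
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          # TODO Check if this is the correct image
          images: |
            ${{ secrets.DOCKERHUB_USERNAME }}/wg-easy/wg-easy
            ghcr.io/${{ github.repository }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}

      - uses: docker/build-push-action@v6
        id: push
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # NOTE - Optimization: Compress images with zstd because
          # extraction is a lot faster and the image is also smaller
          outputs: type=image,compression=zstd,force-compression=true
          # TODO Cache may require no scope if this is the only built image
          # https://docs.docker.com/build/cache/backends/gha/#scope
          cache-from: type=gha,scope=build
          # TODO - Not sure how big the cache gets; this may have to be
          # changed back to min
          # https://docs.docker.com/build/cache/backends/#cache-mode
          cache-to: type=gha,mode=max,scope=build

      # Binds the attestation to the digest the push step reported, so it
      # covers exactly the image that was published to ghcr.io.
      - name: Generate artifact attestation (ghcr.io)
        uses: actions/attest-build-provenance@v3
        with:
          subject-name: ghcr.io/${{ github.repository }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  docs:
    name: Build & Deploy Docs
    runs-on: ubuntu-latest
    if: |
      github.repository_owner == 'wg-easy' &&
      startsWith(github.ref, 'refs/tags/v')
    permissions:
      contents: write  # mike pushes the built site to gh-pages
    # Docs are published only after the image job has succeeded.
    needs: container-image-build-push
    steps:
      - uses: actions/checkout@v5

      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          # Quoted so the version can never be re-typed as a number.
          python-version: "3.11.9"
          cache: "pip"
          cache-dependency-path: docs/requirements.txt

      - name: Install Dependencies
        run: |
          pip install -r docs/requirements.txt

      - name: Setup Git User
        run: |
          git config --global user.name 'github-actions[bot]'
          git config --global user.email 'github-actions[bot]@users.noreply.github.com'

      - name: Build Docs Website
        run: |
          cd docs
          git fetch origin gh-pages --depth=1 || true

          # Extract version numbers. The tag name is chosen by whoever
          # pushes the tag, so every expansion is quoted to keep it a
          # single argument (no word splitting or globbing).
          DOCS_VERSION="${GITHUB_REF#refs/tags/}" # e.g. v1.2.3 or v1.2.3-beta
          MINOR_VERSION="$(printf '%s\n' "$DOCS_VERSION" | cut -d. -f1,2)" # e.g. v1.2

          # Check if it's a stable release (only numbers, no '-')
          if [[ "$DOCS_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Stable release detected: $DOCS_VERSION"
            mike deploy --push --update-aliases "$MINOR_VERSION" latest
          else
            echo "Pre-release detected: $DOCS_VERSION"
            mike deploy --push --update-aliases Pre-release
          fi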