feat(ci): tag docker image on git tags

licenseware · Feb 7, 2024 · 314d441 · 314d441
1 parent 5a4c79f
commit 314d441
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 13 deletions.
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -77,8 +77,6 @@ jobs:
       metadata: ${{ steps.build-push.outputs.metadata }}
     runs-on: ${{ inputs.runner }}
     steps:
-      - name: Github Security Monitor
-        uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Checkout
         uses: actions/checkout@v4
         with:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,7 +1,7 @@
 name: ci
 
 concurrency:
-  cancel-in-progress: ${{ ! (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) }}
+  cancel-in-progress: ${{ ! (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) }}
   group: ci-${{ github.ref_name }}-${{ github.event_name }}
 
 on:
@@ -57,6 +57,45 @@ jobs:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
 
+  build-tag:
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: read
+      packages: write
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      context: .
+      image-name: ghcr.io/${{ github.repository }}
+      image-extra-tags: |
+        ghcr.io/${{ github.repository }}:${{ github.ref_name }}
+      platforms: linux/amd64,linux/arm64
+      push: true
+      scout-cves: true
+      scout-compare: false
+      scout-comment-pr: false
+    secrets:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+  github-release:
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Create a GitHub release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh release create ${{ github.ref_name }} \
+            --title ${{ github.ref_name }} \
+            --latest \
+            --generate-notes \
+            --verify-tag
+
+
   checks:
     if: contains(fromJSON('["push", "pull_request", "schedule"]'), github.event_name)
     runs-on: ubuntu-latest
@@ -73,13 +112,3 @@ jobs:
         with:
           message: "chore: lint 🚨"
           new_branch: ${{ github.head_ref || github.ref_name }}
-      - name: Install mypy
-        run: |
-          pip install -U pip 'mypy<2'
-      - name: Run mypy
-        run: |
-          echo -e "# mypy output\n\n" >> $GITHUB_STEP_SUMMARY
-          echo -e "<details><summary>Expand</summary>\n\n\`\`\`bash" >> $GITHUB_STEP_SUMMARY
-          mypy | tee -a $GITHUB_STEP_SUMMARY
-          echo -e "\`\`\`" >> $GITHUB_STEP_SUMMARY
-          echo -e "</details>\n\n" >> $GITHUB_STEP_SUMMARY