|
1 | 1 | name: Publish the GUI/CLI Docker Images |
2 | 2 |
|
3 | 3 | on: |
4 | | - workflow_run: |
5 | | - workflows: ["pytest"] |
6 | | - types: |
7 | | - - completed |
| 4 | + release: |
| 5 | + types: [published] |
| 6 | + push: |
| 7 | + tags: |
| 8 | + - 'v*.*.*-gui' |
| 9 | + - 'v*.*.*-cli' |
8 | 10 |
|
9 | 11 | env: |
10 | 12 | REGISTRY: ghcr.io |
|
13 | 15 | jobs: |
14 | 16 | build-and-push-image: |
15 | 17 | runs-on: ubuntu-latest |
16 | | - if: github.event.workflow_run.conclusion == 'success' |
17 | 18 |
|
18 | 19 | permissions: |
19 | 20 | contents: read |
20 | 21 | packages: write |
21 | 22 | attestations: write |
22 | 23 | id-token: write |
23 | 24 |
|
24 | | - strategy: |
25 | | - matrix: |
26 | | - include: |
27 | | - - branch: main |
28 | | - target: gui |
29 | | - tag-prefix: gui |
30 | | - - branch: cli |
31 | | - target: base |
32 | | - tag-prefix: cli |
33 | | - |
34 | 25 | steps: |
35 | 26 | - name: Checkout repository |
36 | 27 | uses: actions/checkout@v5 |
37 | 28 |
|
| 29 | + - name: Verify version matches release tag |
| 30 | + run: | |
| 31 | + TAG_VERSION=${GITHUB_REF#refs/tags/v} |
| 32 | + PYPROJECT_VERSION=$(grep '^version = ' pyproject.toml | cut -d'"' -f2) |
| 33 | + if [ "$TAG_VERSION" != "$PYPROJECT_VERSION" ]; then |
| 34 | + echo "Version mismatch! Release tag: v$TAG_VERSION, pyproject.toml: $PYPROJECT_VERSION" |
| 35 | + echo "Please update pyproject.toml version to match the release tag." |
| 36 | + exit 1 |
| 37 | + fi |
| 38 | +
|
| 39 | + SUFFIX=${GITHUB_REF##*-} |
| 40 | + if [ "${{ github.event_name }}" = "release" ]; then |
| 41 | + BRANCH="${{ github.event.release.target_commitish }}" |
| 42 | + else |
| 43 | + BRANCH="${{ github.ref_name }}" |
| 44 | + fi |
| 45 | +
|
| 46 | + if [ "$SUFFIX" = "gui" ]; then |
| 47 | + if [[ "$BRANCH" = "main" || "$BRANCH" == *"gui"* ]]; then |
| 48 | + TARGET="gui" |
| 49 | + else |
| 50 | + echo "GUI tag must target 'main' or a branch containing 'gui', got: $BRANCH" |
| 51 | + exit 1 |
| 52 | + fi |
| 53 | + elif [ "$SUFFIX" = "cli" ]; then |
| 54 | + if [[ "$BRANCH" == *"cli"* ]]; then |
| 55 | + TARGET="base" |
| 56 | + else |
| 57 | + echo "CLI tag must target a branch containing 'cli', got: $BRANCH" |
| 58 | + exit 1 |
| 59 | + fi |
| 60 | + else |
| 61 | + echo "Invalid tag suffix: $SUFFIX" |
| 62 | + exit 1 |
| 63 | + fi |
| 64 | + echo "TARGET=$TARGET" >> $GITHUB_ENV |
| 65 | + echo "Version check passed: $TAG_VERSION" |
| 66 | +
|
38 | 67 | - name: Log in to the Container registry |
39 | | - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 |
| 68 | + uses: docker/login-action@v2 |
40 | 69 | with: |
41 | 70 | registry: ${{ env.REGISTRY }} |
42 | 71 | username: ${{ github.actor }} |
43 | 72 | password: ${{ secrets.GITHUB_TOKEN }} |
44 | 73 |
|
45 | 74 | - name: Extract metadata |
46 | 75 | id: meta |
47 | | - if: github.ref_name == matrix.branch |
48 | | - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 |
| 76 | + uses: docker/metadata-action@v5 |
49 | 77 | with: |
50 | 78 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
51 | 79 | tags: | |
52 | | - type=raw,value=${{ matrix.tag-prefix }}-latest |
53 | | - type=sha,prefix=${{ matrix.tag-prefix }}- |
| 80 | + type=raw,value=${{ env.TARGET }}-latest |
| 81 | + type=ref,event=tag |
54 | 82 |
|
55 | 83 | - name: Build and push image |
56 | | - if: github.ref_name == matrix.branch |
57 | | - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 |
| 84 | + uses: docker/build-push-action@v4 |
58 | 85 | with: |
59 | 86 | context: . |
60 | 87 | file: Dockerfile |
61 | | - target: ${{ matrix.target }} |
| 88 | + target: ${{ env.TARGET }} |
62 | 89 | push: true |
63 | 90 | tags: ${{ steps.meta.outputs.tags }} |
64 | 91 | labels: ${{ steps.meta.outputs.labels }} |
0 commit comments