Test CI (#42)

lucadruda · web-flow · commit d5c3196f4df4 · 2025-07-01T17:47:40.000+02:00
* pin versions

* enable bump version

* add multi platform

* prevent autorelease

* try checkout with ver

* fix checkout

* remove version checkout

* remove tag checkout

* add registrymcp

* fix tag list
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,9 +3,10 @@ name: Release Docker Image
 run-name: Release Docker Image ${{ github.event_name == 'workflow_dispatch' && inputs.service || '(auto-deploy)' }}
 
 on:
-  push:
-    branches:
-      - main
+  # TODO: Uncomment this when wf is ready to be triggered by push
+  # push:
+  #   branches:
+  #     - main
 
   workflow_dispatch:
     inputs:
@@ -14,6 +15,15 @@ on:
           Version (of the form "1.2.3") or Branch (of the form "origin/branch-name").
           Leave empty to bump the latest version.
         type: string
+      version_level:
+        description: The level of the version to bump.
+        type: choice
+        default: 'minor'
+        required: false
+        options:
+          - 'major'
+          - 'minor'
+          - 'patch' 
       build_local:
         type: boolean
         default: false
@@ -59,7 +69,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Setup
-        uses: docker/actions/setup-go@setup-go/v1
+        uses: docker/actions/setup-go@33488d0ac7cf5f3616b656b8f2bf28b45467976c #v1.17.0
         id: setup_go
         with:
           app_id: ${{ secrets.HUB_PLATFORM_APP_ID }}
@@ -70,32 +80,25 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
         with:
           token: ${{ steps.setup_go.outputs.token }}
-          fetch-depth: 0
+          fetch-depth: 0 
 
       - name: Bump Version
         id: bump_version
-        if: github.event_name == 'push' && inputs.version == ''
-        uses: docker/actions/bump-version@bump-version/v1.1.0
+        uses: docker/actions/bump-version@132452b833c5fae71bc674fe54384c9242173f96 # v2.5.0
         with:
           name: ${{ env.NAME }}
+          level: ${{ inputs.version_level }}
 
-      - name: Get Latest Version
-        id: latest_version
-        if: github.event_name != 'push' && inputs.version == ''
-        uses: docker/actions/bump-version@bump-version/v1.1.0
-        with:
-          name: ${{ env.NAME }}
-          include_tag: false
 
       - name: Get Release Version
         id: release_version
         shell: bash
         run: |
           if [[ '${{ steps.bump_version.outcome }}' == 'success' ]]; then
-            echo "version=${{ steps.bump_version.outputs.next_version_number }}" >> $GITHUB_OUTPUT
-            echo "tag=${{ steps.bump_version.outputs.next_version }}" >> $GITHUB_OUTPUT
-          elif [[ '${{ steps.latest_version.outcome }}' == 'success' ]]; then
-            echo "version=${{ steps.latest_version.outputs.latest_version_number }}" >> $GITHUB_OUTPUT
+            echo "version=${{ steps.bump_version.outputs.new_version }}" >> $GITHUB_OUTPUT
+            echo "tag=${{ steps.bump_version.outputs.new_tag }}" >> $GITHUB_OUTPUT
+          elif [[ '${{ steps.bump_version.outcome }}' == 'success' ]]; then
+            echo "version=${{ steps.bump_version.outputs.new_version }}" >> $GITHUB_OUTPUT
           elif [[ '${{ inputs.version }}' != '' ]]; then
             echo "Using already provided version: ${{ inputs.version }}."
             echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
@@ -105,13 +108,13 @@ jobs:
           fi
 
       - name: Hub Login
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc #v2
         with:
           username: dockerbuildbot
           password: ${{ secrets.DOCKERBUILDBOT_WRITE_PAT }}
 
       - name: Setup Hydrobuild
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3
         if: ${{ ! inputs.build_local }}
         with:
           version: "lab:latest"
@@ -123,7 +126,7 @@ jobs:
         id: hub_image_exists
         shell: bash
         run: |
-          if docker manifest inspect docker/${{ env.NAME }}:${{ steps.latest_version.outputs.latest_version_number }}; then
+          if docker manifest inspect docker/${{ env.NAME }}:${{ steps.bump_version.outputs.new_version }}; then
             echo 'exists=true' >> $GITHUB_OUTPUT
           else
             echo 'exists=false' >> $GITHUB_OUTPUT
@@ -148,9 +151,15 @@ jobs:
             sudo systemctl restart docker
           fi
   
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
+  
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3
       - name: Build and push service image
         if: steps.hub_image_exists.outputs.exists == 'false'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: .
           file: Dockerfile
@@ -167,10 +176,11 @@ jobs:
             com.docker.image.source.entrypoint=Dockerfile
           provenance: mode=max
           sbom: true
+          platforms: linux/amd64,linux/arm64
   
       - name: Configure AWS Credentials
         if: inputs.mirror_ecr == 'true'
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
         with:
           role-session-name: gha-release-service-go-workflow
           role-to-assume: ${{ inputs.aws_role_to_assume_arn }}
@@ -179,35 +189,12 @@ jobs:
       - name: Log in to Amazon ECR
         if: inputs.mirror_ecr == 'true'
         id: login_ecr
-        uses: aws-actions/amazon-ecr-login@v2
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2
   
-      ## Note: We're disabling this for now so branch images can be overriden
-      ## on-demand. This is pending revisiting branch-based deployments.
-      # - name: Check image exists in AWS ECR
-      #   if: inputs.mirror_ecr == 'true'
-      #   id: ecr_image_exists
-      #   shell: bash
-      #   run: |
-      #     if docker manifest inspect ${{ steps.login_ecr.outputs.registry }}/${{ inputs.service_name }}:${{ steps.image_tag.outputs.tag }}; then
-      #       echo 'exists=true' >> $GITHUB_OUTPUT
-      #     else
-      #       echo 'exists=false' >> $GITHUB_OUTPUT
-      #     fi
-  
-      - name: Vendor modules
-        # Basically, if the Hub image exists, then we need to make sure to vendor
-        # for building the ECR image.
-        if: steps.hub_image_exists.outputs.exists == 'true'
-        working-directory: ${{ inputs.service_directory }}
-        shell: bash
-        run: |
-          if [[ -f "go.mod" ]]; then
-            go mod vendor
-          fi
   
       - name: Build and push Docker image to ECR
         if: inputs.mirror_ecr == 'true'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: .
           file: Dockerfile
@@ -229,23 +216,3 @@ jobs:
         if: inputs.mirror_ecr == true
         shell: bash
         run: docker logout ${{ steps.login_ecr.outputs.registry }}
-  
-  
-      - name: Restore repository to initial HEAD
-        shell: bash
-        run: git checkout "${{steps.base_branch.outputs.git_ref}}"
-
-      - name: Delete git tag created by this workflow
-        if: failure() && steps.release_version.outputs.tag != ''
-        shell: bash
-        run: |
-          git push --delete origin ${{ steps.release_version.outputs.tag }}
-          # TODO: Some other things to do on cleanup:
-          #
-          # 1. revert deploy commit in cloud-manifests.
-          #
-          # 2. delete image from Hub. Doesn't create friction often; but might cause
-          # confusion.
-          #
-          # 3. delete image from ECR. Doesn't create friction often; but might cause
-          # confusion.
