refactor: re-architect around GitHub App with structured agent pipeli… #221
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CI workflow: runs on pushes to main and release branches. | |
| # On release branches: | |
| # - Packs the opentower npm tarball and uploads it as an artifact | |
| # - Builds and pushes the Docker image tagged with the commit SHA | |
| # Craft's artifactProvider looks for workflow "CI" → artifact "npm-tarball", | |
| # and craft's Docker target looks for the image tagged with the revision SHA. | |
| name: CI | |
| on: | |
| push: | |
| branches: [main, 'release/**'] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Biome check | |
| run: bun run check | |
| - name: Typecheck (opentower) | |
| run: bun run typecheck | |
| working-directory: packages/opentower | |
| - name: Typecheck (dashboard) | |
| run: bun run typecheck | |
| working-directory: packages/dashboard | |
| # --- Release-branch only: npm tarball + Docker image --- | |
| # Build dashboard assets into opentower/public before packing. | |
| # bun pm pack does NOT run prepublishOnly, so we must build explicitly. | |
| - name: Build dashboard | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| run: bun run build | |
| working-directory: packages/opentower | |
| # Pack and upload the npm tarball. | |
| - name: Pack tarball | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| run: | | |
| mkdir -p dist-tarballs | |
| cd packages/opentower | |
| bun pm pack --destination ../../dist-tarballs | |
| echo "--- Tarball: ---" | |
| ls -la ../../dist-tarballs/ | |
| - name: Upload tarball | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: npm-tarball | |
| path: dist-tarballs/*.tgz | |
| # Build and push Docker image tagged with the commit SHA. | |
| # Craft's Docker target copies this SHA-tagged image to versioned + latest tags. | |
| - name: Lowercase image name | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| id: image | |
| run: | | |
| echo "name=$(printf '%s' '${{ env.IMAGE_NAME }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" | |
| - name: Set up Docker Buildx | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to ghcr.io | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push image (SHA tag) | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ steps.image.outputs.name }}:${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| labels: | | |
| org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} | |
| org.opencontainers.image.revision=${{ github.sha }} |