fix(helm): use CNPG built-in barmanObjectStore for backups #19
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Images and Chart | |
| on: | |
| push: | |
| tags: | |
| - "remote-v*" | |
| workflow_dispatch: | |
| inputs: | |
| git_ref: | |
| description: "Existing release tag or ref to build from (for example remote-v1.2.3)" | |
| required: true | |
| type: string | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKERHUB_REMOTE_IMAGE_NAME: ${{ vars.DOCKERHUB_REMOTE_IMAGE_NAME }} | |
| DOCKERHUB_RELAY_IMAGE_NAME: ${{ vars.DOCKERHUB_RELAY_IMAGE_NAME }} | |
| FEATURES: ${{ vars.FEATURES }} | |
| POSTHOG_API_KEY: ${{ secrets.POSTHOG_API_KEY }} | |
| POSTHOG_API_ENDPOINT: ${{ vars.POSTHOG_API_ENDPOINT }} | |
| VITE_RELAY_API_BASE_URL: ${{ vars.VITE_RELAY_API_BASE_URL }} | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || github.ref }} | |
| submodules: recursive | |
| - name: Determine release inputs | |
| id: release | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then | |
| raw_ref="${{ inputs.git_ref }}" | |
| else | |
| raw_ref="${GITHUB_REF_NAME}" | |
| fi | |
| ref_name="${raw_ref#refs/tags/}" | |
| ref_name="${ref_name#refs/heads/}" | |
| if [[ ! "$ref_name" =~ ^remote-v[0-9]+\.[0-9]+\.[0-9]+([-.].*)?$ ]]; then | |
| echo "Expected a remote release tag like remote-v1.2.3, got: $raw_ref" | |
| exit 1 | |
| fi | |
| version="${ref_name#remote-v}" | |
| if [ -z "$version" ]; then | |
| echo "Release version is empty" | |
| exit 1 | |
| fi | |
| if [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| stable=true | |
| else | |
| stable=false | |
| fi | |
| dockerhub_enabled=false | |
| if [ -n "${DOCKERHUB_REMOTE_IMAGE_NAME:-}" ] || [ -n "${DOCKERHUB_RELAY_IMAGE_NAME:-}" ]; then | |
| if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then | |
| echo "Docker Hub image names are configured but DOCKERHUB_USERNAME or DOCKERHUB_TOKEN is missing" | |
| exit 1 | |
| fi | |
| dockerhub_enabled=true | |
| fi | |
| echo "ref_name=$ref_name" >> "$GITHUB_OUTPUT" | |
| echo "version=$version" >> "$GITHUB_OUTPUT" | |
| echo "stable=$stable" >> "$GITHUB_OUTPUT" | |
| echo "dockerhub_enabled=$dockerhub_enabled" >> "$GITHUB_OUTPUT" | |
| - name: Apply downstream patches | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| git submodule update --init vibe-kanban | |
| bash scripts/apply-patches.sh vibe-kanban | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log in to Docker Hub | |
| if: ${{ steps.release.outputs.dockerhub_enabled == 'true' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push remote image | |
| shell: bash | |
| env: | |
| VERSION: ${{ steps.release.outputs.version }} | |
| STABLE: ${{ steps.release.outputs.stable }} | |
| DOCKERHUB_ENABLED: ${{ steps.release.outputs.dockerhub_enabled }} | |
| run: | | |
| set -euo pipefail | |
| ghcr_image="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/vibe-kanban-team-remote" | |
| tags=(--tag "${ghcr_image}:${VERSION}") | |
| if [ "$STABLE" = "true" ]; then | |
| tags+=(--tag "${ghcr_image}:latest") | |
| fi | |
| if [ "$DOCKERHUB_ENABLED" = "true" ] && [ -n "${DOCKERHUB_REMOTE_IMAGE_NAME:-}" ]; then | |
| tags+=(--tag "${DOCKERHUB_REMOTE_IMAGE_NAME}:${VERSION}") | |
| if [ "$STABLE" = "true" ]; then | |
| tags+=(--tag "${DOCKERHUB_REMOTE_IMAGE_NAME}:latest") | |
| fi | |
| fi | |
| docker buildx build \ | |
| --push \ | |
| --cache-from "type=gha,scope=vibe-kanban-team-remote" \ | |
| --cache-to "type=gha,mode=max,scope=vibe-kanban-team-remote" \ | |
| "${tags[@]}" \ | |
| -f vibe-kanban/crates/remote/Dockerfile \ | |
| --build-arg FEATURES="${FEATURES:-}" \ | |
| --build-arg POSTHOG_API_KEY="${POSTHOG_API_KEY:-}" \ | |
| --build-arg POSTHOG_API_ENDPOINT="${POSTHOG_API_ENDPOINT:-}" \ | |
| --build-arg VITE_RELAY_API_BASE_URL="${VITE_RELAY_API_BASE_URL:-}" \ | |
| ./vibe-kanban | |
| - name: Build and push relay image | |
| shell: bash | |
| env: | |
| VERSION: ${{ steps.release.outputs.version }} | |
| STABLE: ${{ steps.release.outputs.stable }} | |
| DOCKERHUB_ENABLED: ${{ steps.release.outputs.dockerhub_enabled }} | |
| run: | | |
| set -euo pipefail | |
| ghcr_image="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/vibe-kanban-team-relay" | |
| tags=(--tag "${ghcr_image}:${VERSION}") | |
| if [ "$STABLE" = "true" ]; then | |
| tags+=(--tag "${ghcr_image}:latest") | |
| fi | |
| if [ "$DOCKERHUB_ENABLED" = "true" ] && [ -n "${DOCKERHUB_RELAY_IMAGE_NAME:-}" ]; then | |
| tags+=(--tag "${DOCKERHUB_RELAY_IMAGE_NAME}:${VERSION}") | |
| if [ "$STABLE" = "true" ]; then | |
| tags+=(--tag "${DOCKERHUB_RELAY_IMAGE_NAME}:latest") | |
| fi | |
| fi | |
| docker buildx build \ | |
| --push \ | |
| --cache-from "type=gha,scope=vibe-kanban-team-relay" \ | |
| --cache-to "type=gha,mode=max,scope=vibe-kanban-team-relay" \ | |
| "${tags[@]}" \ | |
| -f vibe-kanban/crates/relay-tunnel/Dockerfile \ | |
| ./vibe-kanban | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| - name: Log in to GHCR for Helm | |
| shell: bash | |
| env: | |
| HELM_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| printf '%s\n' "$HELM_REGISTRY_PASSWORD" | helm registry login ghcr.io -u "${GITHUB_ACTOR}" --password-stdin | |
| - name: Package and publish Helm chart | |
| shell: bash | |
| env: | |
| VERSION: ${{ steps.release.outputs.version }} | |
| run: | | |
| set -euo pipefail | |
| mkdir -p dist | |
| helm package helm/vibe-kanban-team \ | |
| --version "$VERSION" \ | |
| --app-version "$VERSION" \ | |
| --destination dist | |
| helm push "dist/vibe-kanban-team-${VERSION}.tgz" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/helm-charts" |