chore: clean up CI workflows by removing unused release job and updating permissions

Author: kjanat

.github/workflows/ci.yml

@@ -3,8 +3,6 @@ name: CI
 on:
   push:
     branches: ['master', 'develop']
-    tags:
-      - 'v*.*.*'
   pull_request:
     branches: ['master', 'develop', 'feature/*']
 
@@ -352,144 +350,14 @@ jobs:
           fail-on-severity: moderate
           comment-summary-in-pr: always
 
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    if: github.ref_type == 'tag'
-    permissions:
-      contents: write
-    needs: ['test']
-    steps:
-      - uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v6
-        with:
-          go-version-file: 'go.mod'
-          check-latest: true
-
-      - name: Run tests
-        run: |
-          echo "## 🚀 Release Tests" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          go test -v ./... 2>&1 | tee release-test-output.log
-          TEST_STATUS=$?
-
-          TOTAL_TESTS=$(grep -c "=== RUN" release-test-output.log || echo "0")
-          PASSED_TESTS=$(grep -c "--- PASS:" release-test-output.log || echo "0")
-          FAILED_TESTS=$(grep -c "--- FAIL:" release-test-output.log || echo "0")
-
-          echo "| Metric | Value |" >> $GITHUB_STEP_SUMMARY
-          echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY
-          echo "| Total Tests | $TOTAL_TESTS |" >> $GITHUB_STEP_SUMMARY
-          echo "| Passed | ✅ $PASSED_TESTS |" >> $GITHUB_STEP_SUMMARY
-          echo "| Failed | ❌ $FAILED_TESTS |" >> $GITHUB_STEP_SUMMARY
-          echo "| Status | $([ $TEST_STATUS -eq 0 ] && echo "✅ PASSED" || echo "❌ FAILED") |" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          exit $TEST_STATUS
-
-      - name: Install UPX
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y upx
-
-      - name: Build binaries
-        run: |
-          echo "## 🔨 Build Process" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Set the build time environment variable using git commit timestamp
-          BUILD_TIME=$(git log -1 --format=%cd --date=iso-strict)
-
-          # Add run permissions to the build script
-          chmod +x ./scripts/build.sh
-
-          # Display help information for the build script
-          ./scripts/build.sh --help
-
-          echo "**Build Configuration:**" >> $GITHUB_STEP_SUMMARY
-          echo "- Version: ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Build Time: $BUILD_TIME" >> $GITHUB_STEP_SUMMARY
-          echo "- Git Commit: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Build for all platforms
-          ./scripts/build.sh \
-            --verbose \
-            -ldflags "-s -w -X github.com/kjanat/articulate-parser/internal/version.Version=${{ github.ref_name }} -X github.com/kjanat/articulate-parser/internal/version.BuildTime=$BUILD_TIME -X github.com/kjanat/articulate-parser/internal/version.GitCommit=${{ github.sha }}"
-
-      - name: Compress binaries with UPX
-        run: |
-          echo "## 📦 Binary Compression" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          echo "Compressing binaries with UPX..."
-          cd build/
-
-          # Get original sizes
-          echo "**Original sizes:**" >> $GITHUB_STEP_SUMMARY
-          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
-          ls -lah >> $GITHUB_STEP_SUMMARY
-          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Compress all binaries except Darwin (macOS) binaries as UPX doesn't work well with recent macOS versions
-          for binary in articulate-parser-*; do
-            echo "Compressing $binary..."
-            upx --best "$binary" || {
-              echo "Warning: UPX compression failed for $binary, keeping original"
-            }
-
-            # if [[ "$binary" == *"darwin"* ]]; then
-            #   echo "Skipping UPX compression for $binary (macOS compatibility)"
-            # else
-            #   echo "Compressing $binary..."
-            #   upx --best "$binary" || { # removed `--lzma`
-            #     echo "Warning: UPX compression failed for $binary, keeping original"
-            #   }
-            # fi
-          done
-
-          echo "**Final sizes:**" >> $GITHUB_STEP_SUMMARY
-          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
-          ls -lah >> $GITHUB_STEP_SUMMARY
-          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-      - name: Upload a Build Artifact
-        uses: actions/[email protected]
-        with:
-          name: build-artifacts
-          path: build/
-          if-no-files-found: ignore
-          retention-days: 1
-          compression-level: 9
-          overwrite: true
-          include-hidden-files: true
-
-      - name: Create Release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: build/*
-          generate_release_notes: true
-          draft: false
-          # Mark v0.x.x releases as prerelease (pre-1.0 versions are considered unstable)
-          prerelease: ${{ startsWith(github.ref, 'refs/tags/v0.') }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   docker:
     name: Docker Build & Push
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
     needs: ['test']
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/feature/docker'))
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/feature/docker'))
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5

.github/workflows/dependency-review.yml

@@ -10,6 +10,7 @@ permissions:
   contents: read
   # Required to post security advisories
   security-events: write
+  pull-requests: write
 
 jobs:
   dependency-review:

.github/workflows/release.yml

@@ -3,10 +3,16 @@ name: Release
 on:
   push:
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
+  workflow_call:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 
 permissions:
   contents: write
+  packages: write
 
 jobs:
   release:
@@ -21,7 +27,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version-file: 'go.mod'
+          go-version-file: "go.mod"
           check-latest: true
 
       - name: Run tests
@@ -72,3 +78,79 @@ jobs:
           prerelease: ${{ startsWith(github.ref, 'refs/tags/v0.') }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  docker:
+    name: Docker Build & Push
+    runs-on: ubuntu-latest
+    needs: ['release']
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+          labels: |
+            org.opencontainers.image.title=Articulate Parser
+            org.opencontainers.image.description=A powerful CLI tool to parse Articulate Rise courses and export them to multiple formats including Markdown HTML and DOCX. Supports media extraction content cleaning and batch processing for educational content conversion.
+            org.opencontainers.image.vendor=kjanat
+            org.opencontainers.image.licenses=MIT
+            org.opencontainers.image.url=https://github.com/${{ github.repository }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/master/DOCKER.md
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: |
+            linux/amd64
+            linux/arm64
+            linux/arm/v7
+            linux/386
+            linux/ppc64le
+            linux/s390x
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ github.ref_name }}
+            BUILD_TIME=${{ github.event.head_commit.timestamp || github.event.repository.pushed_at }}
+            GIT_COMMIT=${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=A powerful CLI tool to parse Articulate Rise courses and export them to multiple formats including Markdown HTML and DOCX. Supports media extraction content cleaning and batch processing for educational content conversion.
+          sbom: true
+          provenance: true