chore: bump @fortawesome/free-solid-svg-icons from 6.7.2 to 7.1.0 (#87) #104
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to Production | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NODE_VERSION: "24" | |
| permissions: | |
| contents: write # Required for semantic-release to create releases and tags | |
| packages: write # Required for pushing Docker images to GHCR | |
| id-token: write # Required for cosign signing | |
| jobs: | |
| docker: | |
| name: "Release Docker image" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v6 | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Install dependencies | |
| run: npm ci | |
| - id: version | |
| name: Determine Release Version | |
| run: | | |
| npm install @semantic-release/exec -D | |
| npm install @semantic-release/changelog -D | |
| npm install @semantic-release/git -D | |
| npx semantic-release --dry-run | |
| cat VERSION.env | |
| source VERSION.env | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Set up QEMU | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GHCR | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| id: build-and-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| build-args: VERSION=${{steps.version.outputs.VERSION}} | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ghcr.io/${{ github.repository }}:${{steps.version.outputs.VERSION}} | |
| - uses: sigstore/[email protected] | |
| - name: Image Signing | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| run: | | |
| cosign sign --yes \ | |
| -a "repo=${{ github.repository }}" \ | |
| -a "workflow=${{ github.workflow }}" \ | |
| -a "ref=${{ github.sha }}" \ | |
| -a "owner=Spectro Cloud" \ | |
| --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}" | |
| env: | |
| TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| docker-reverse-proxy: | |
| name: "Docker w/Proxy image" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v6 | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Install dependencies | |
| run: npm ci | |
| - id: version | |
| name: Determine Release Version | |
| run: | | |
| npm install @semantic-release/exec -D | |
| npm install @semantic-release/changelog -D | |
| npm install @semantic-release/git -D | |
| npx semantic-release --dry-run | |
| cat VERSION.env | |
| source VERSION.env | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Set up QEMU | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GHCR | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| id: build-and-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile.Caddy | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ghcr.io/${{ github.repository }}:${{steps.version.outputs.VERSION}}-proxy | |
| - uses: sigstore/[email protected] | |
| - name: Image Signing | |
| if: ${{ steps.version.outputs.VERSION != ''}} | |
| run: | | |
| cosign sign --yes \ | |
| -a "repo=${{ github.repository }}" \ | |
| -a "workflow=${{ github.workflow }}" \ | |
| -a "ref=${{ github.sha }}" \ | |
| -a "owner=Spectro Cloud" \ | |
| --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}" | |
| env: | |
| TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| release: | |
| name: "Release" | |
| needs: [docker, docker-reverse-proxy] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retrieve Credentials | |
| id: import-secrets | |
| uses: hashicorp/[email protected] | |
| with: | |
| url: https://vault.prism.spectrocloud.com | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| secrets: /providers/github/organizations/spectrocloud/token?org_name=spectrocloud token | VAULT_GITHUB_TOKEN | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: "release" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }} | |
| run: npx semantic-release |