chore: add .worktrees/ to .gitignore for isolated workspaces #26
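# Builds the repository's Docker image and pushes it to GHCR under two tags:
# a moving tag (latest / branch-derived) and a "<name>-<sha>" tag for the
# exact commit.
name: Build Docker Image

on:
  push:
    branches:
      - main
      - execution-traceability
      - 'preview/**'
  schedule:
    # Weekly rebuild (Sunday 2am UTC) for base image security patches
    - cron: '0 2 * * 0'
  # Manual trigger option
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

# Prevent overlapping deployments
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-scoped token permissions: read the repo, write packages, nothing else.
    permissions:
      contents: read
      packages: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA corresponds to.
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step needs git credentials. Leaving the token out of
          # .git/config also keeps it out of the "." build context below.
          persist-credentials: false

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1

      - name: Determine image tag
        id: tag
        # Ref values are handed to the script as environment variables rather
        # than expanded with ${{ }} inside the script text. A branch name is
        # chosen by whoever pushes it, and template expansion happens before
        # the shell parses the script, so inline expansion would let the
        # branch name become shell syntax.
        env:
          GIT_REF: ${{ github.ref }}
          GIT_REF_NAME: ${{ github.ref_name }}
          GIT_SHA: ${{ github.sha }}
        run: |
          if [[ "${GIT_REF}" == "refs/heads/main" ]]; then
            TAG="latest"
            BRANCH_TAG="main-${GIT_SHA}"
          elif [[ "${GIT_REF}" == "refs/heads/execution-traceability" ]]; then
            TAG="execution-traceability"
            BRANCH_TAG="execution-traceability-${GIT_SHA}"
          elif [[ "${GIT_REF}" =~ ^refs/heads/preview/ ]]; then
            # Extract branch name from refs/heads/preview/feature-name -> feature-name
            BRANCH_NAME="${GIT_REF#refs/heads/preview/}"
            # Docker tags only allow [A-Za-z0-9_.-]; map anything else
            # (e.g. "/" in nested branch names) to "-".
            BRANCH_NAME="${BRANCH_NAME//[^A-Za-z0-9_.-]/-}"
            TAG="preview-${BRANCH_NAME}"
            BRANCH_TAG="preview-${BRANCH_NAME}-${GIT_SHA}"
          else
            # For other branches (manual workflow_dispatch), use branch name
            BRANCH_NAME="${GIT_REF_NAME//[^A-Za-z0-9_.-]/-}"
            TAG="${BRANCH_NAME}"
            BRANCH_TAG="${BRANCH_NAME}-${GIT_SHA}"
          fi
          # Quote the output file path so it is always a single word.
          echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
          echo "BRANCH_TAG=${BRANCH_TAG}" >> "$GITHUB_OUTPUT"

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=raw,value=${{ steps.tag.outputs.TAG }}
            type=raw,value=${{ steps.tag.outputs.BRANCH_TAG }}

      - name: Build and push Docker image
        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build summary
        # The tag outputs derive from the branch name, so they are passed as
        # environment variables here too. REGISTRY and IMAGE_NAME are already
        # in the environment from the workflow-level env block.
        env:
          GIT_REF: ${{ github.ref }}
          TAG: ${{ steps.tag.outputs.TAG }}
          BRANCH_TAG: ${{ steps.tag.outputs.BRANCH_TAG }}
        run: |
          echo "✅ Docker image built and pushed successfully"
          echo ""
          echo "📦 Images:"
          echo " ${REGISTRY}/${IMAGE_NAME}:${TAG}"
          echo " ${REGISTRY}/${IMAGE_NAME}:${BRANCH_TAG}"
          echo ""
          if [[ "${GIT_REF}" == "refs/heads/main" ]]; then
            echo "🚀 To deploy production, run:"
            echo " ./scripts/deploy.sh"
          else
            echo "🧪 To deploy preview, add to docker-compose.yml:"
            echo " image: ${REGISTRY}/${IMAGE_NAME}:${TAG}"
          fi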