name: Production deploy on: release: types: [published] jobs: deploy-and-tarball: name: Netlify deploy and tarball runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4.1.7 - name: Setup node uses: actions/setup-node@v4.0.3 with: node-version: 20.12.2 cache: 'npm' - name: Install dependencies run: npm ci - name: Build app env: NODE_OPTIONS: '--max_old_space_size=4096' run: npm run build - name: Deploy to Netlify uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 with: publish-dir: dist deploy-message: 'Prod deploy ${{ github.ref_name }}' enable-commit-comment: false github-token: ${{ secrets.GITHUB_TOKEN }} production-deploy: true github-deployment-environment: stable github-deployment-description: 'Stable deployment on each release' env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID_APP }} timeout-minutes: 1 - name: Get version from tag id: vars run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT - name: Create tar.gz run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist - name: Sign tar.gz run: | echo '${{ secrets.GNUPG_KEY }}' | gpg --batch --import # Sadly a few lines in the private key match a few lines in the public key, # As a result just --export --armor gives us a few lines replaced with *** # making it useless for importing the signing key. Instead, we dump it as # non-armored and hex-encode it so that its printable. echo "PGP Signing key, in raw PGP format in hex. Import with cat ... | xxd -r -p - | gpg --import" gpg --export | xxd -p echo '${{ secrets.GNUPG_PASSPHRASE }}' | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --armor --detach-sign cinny-${{ steps.vars.outputs.tag }}.tar.gz - name: Upload tagged release uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 with: files: | cinny-${{ steps.vars.outputs.tag }}.tar.gz cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc publish-image: name: Push Docker image to Docker Hub, ghcr runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v4.1.7 - name: Set up QEMU uses: docker/setup-qemu-action@v3.2.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3.5.0 - name: Login to Docker Hub uses: docker/login-action@v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to the Container registry uses: docker/login-action@v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5.5.1 with: images: | ${{ secrets.DOCKER_USERNAME }}/cinny ghcr.io/${{ github.repository }} - name: Build and push Docker image uses: docker/build-push-action@v6.5.0 with: context: . platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }}