name: 'Production deploy' on: release: types: [published] jobs: deploy-and-tarball: name: 'Netlify deploy and tarball' runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v3.1.0 - name: Setup node uses: actions/setup-node@v3.5.1 with: node-version: 17.9.0 cache: 'npm' - name: Install dependencies run: npm ci - name: Build app run: npm run build - name: Deploy to Netlify uses: nwtgck/actions-netlify@ac1cb16858bada08a9c71a81240a85cfc3f72913 with: publish-dir: dist deploy-message: "Prod deploy ${{ github.ref_name }}" enable-commit-comment: false github-token: ${{ secrets.GITHUB_TOKEN }} production-deploy: true github-deployment-environment: stable github-deployment-description: 'Stable deployment on each release' env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} timeout-minutes: 1 - name: Get version from tag id: vars run: echo ::set-output name=tag::${GITHUB_REF#refs/*/} - name: Create tar.gz run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist - name: Sign tar.gz run: | echo '${{ secrets.GNUPG_KEY }}' | gpg --batch --import # Sadly a few lines in the private key match a few lines in the public key, # As a result just --export --armor gives us a few lines replaced with *** # making it useless for importing the signing key. Instead, we dump it as # non-armored and hex-encode it so that its printable. echo "PGP Signing key, in raw PGP format in hex. Import with cat ... | xxd -r -p - | gpg --import" gpg --export | xxd -p echo '${{ secrets.GNUPG_PASSPHRASE }}' | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --armor --detach-sign cinny-${{ steps.vars.outputs.tag }}.tar.gz - name: Upload tagged release uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 with: files: | cinny-${{ steps.vars.outputs.tag }}.tar.gz cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc publish-image: name: Push Docker image to Docker Hub, ghcr runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v3.1.0 - name: Set up QEMU uses: docker/setup-qemu-action@v2.1.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.0.0 - name: Login to Docker Hub uses: docker/login-action@v2.1.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to the Container registry uses: docker/login-action@v2.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v4.0.1 with: images: | ${{ secrets.DOCKER_USERNAME }}/cinny ghcr.io/${{ github.repository }} - name: Build and push Docker image uses: docker/build-push-action@v3.2.0 with: context: . platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }}