feat: migrate to infisical #67
name: CI-CD | |
on: | |
push: | |
env: | |
# Docker | |
DOCKER_DOMAIN: ghcr.io | |
DOCKER_USER: ${{ github.actor }} | |
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
DOCKER_LATEST_BRANCH: develop | |
# Helm | |
HELM_DOMAIN: ghcr.io | |
HELM_USER: ${{ github.actor }} | |
HELM_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
precommit: | |
name: Pre-commit Check | |
runs-on: | |
- nscloud-ubuntu-22.04-amd64-4x8-with-cache | |
- nscloud-cache-size-50gb | |
- nscloud-cache-tag-sulfone-zinc-nix-store-cache | |
- nscloud-git-mirror-1gb | |
steps: | |
# Setup | |
- uses: AtomiCloud/actions.setup-nix@v1.1.0 | |
- uses: AtomiCloud/actions.cache-nuget@v1.0.1 | |
# Action | |
- name: Run pre-commit | |
run: nix develop .#ci -c ./scripts/ci/pre-commit.sh | |
build: | |
name: Build Docker | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
configs: | |
- image-name: api | |
dockerfile: ./infra/Dockerfile | |
context: . | |
platform: linux/amd64,linux/arm64 | |
- image-name: migrate | |
dockerfile: ./infra/migrate.Dockerfile | |
context: . | |
platform: linux/amd64,linux/arm64 | |
env: | |
STRAT_DOCKER_IMAGE: ${{ matrix.configs.image-name }} | |
STRAT_DOCKERFILE: ${{ matrix.configs.dockerfile }} | |
STRAT_DOCKER_CONTEXT: ${{ matrix.configs.context }} | |
STRAT_DOCKER_PLATFORM: ${{ matrix.configs.platform }} | |
steps: | |
# Setup | |
- uses: AtomiCloud/actions.setup-docker@v1.2.0 | |
# Action | |
- uses: rlespinasse/github-slug-action@v3.x | |
- name: Build and Push Docker | |
run: ./scripts/ci/ci-docker.sh | |
env: | |
CI_DOCKER_IMAGE: ${{ env.STRAT_DOCKER_IMAGE }} | |
CI_DOCKER_CONTEXT: ${{ env.STRAT_DOCKER_CONTEXT }} | |
CI_DOCKERFILE: ${{ env.STRAT_DOCKERFILE }} | |
CI_DOCKER_PLATFORM: ${{ env.STRAT_DOCKER_PLATFORM }} | |
DOMAIN: ${{ env.DOCKER_DOMAIN }} | |
GITHUB_REPO_REF: ${{ github.repository }} | |
GITHUB_SHA: ${{ github.sha }} | |
GITHUB_BRANCH: ${{ env.GITHUB_REF_SLUG }} | |
DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }} | |
DOCKER_USER: ${{ env.DOCKER_USER }} | |
LATEST_BRANCH: ${{ env.DOCKER_LATEST_BRANCH}} | |
publish: | |
name: Publish Helm | |
needs: build | |
runs-on: | |
- nscloud-ubuntu-22.04-amd64-4x8-with-cache | |
- nscloud-cache-size-50gb | |
- nscloud-cache-tag-sulfone-zinc-nix-store-cache | |
- nscloud-git-mirror-1gb | |
steps: | |
# Setup | |
- uses: AtomiCloud/actions.setup-nix@v1.1.0 | |
# Action | |
- uses: rlespinasse/github-slug-action@v3.x | |
- name: Publish | |
env: | |
GITHUB_REPO_REF: ${{ github.repository }} | |
GITHUB_SHA: ${{ github.sha }} | |
GITHUB_BRANCH: ${{ env.GITHUB_REF_SLUG_URL }} | |
DOMAIN: ${{ env.HELM_DOMAIN }} | |
DOCKER_PASSWORD: ${{ env.HELM_PASSWORD }} | |
DOCKER_USER: ${{ env.HELM_USER }} | |
run: nix develop .#ci -c scripts/ci/publish.sh | |
release: | |
name: Semantic Release | |
needs: | |
- build | |
- precommit | |
if: github.ref == 'refs/heads/main' | |
runs-on: | |
- nscloud-ubuntu-22.04-amd64-4x8-with-cache | |
- nscloud-cache-size-50gb | |
- nscloud-cache-tag-releaser-sulfone-zinc-nix-store-cache | |
- nscloud-git-mirror-1gb | |
steps: | |
# Setup | |
- uses: AtomiCloud/actions.setup-nix@v1.1.0 | |
- uses: AtomiCloud/actions.cache-npm@v1.0.1 | |
# Action | |
- uses: rlespinasse/github-slug-action@v3.x | |
- name: Release | |
env: | |
GITHUB_REPO_REF: ${{ github.repository }} | |
GITHUB_SHA: ${{ github.sha }} | |
GITHUB_BRANCH: ${{ env.GITHUB_REF_SLUG_URL }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DOMAIN: ${{ env.HELM_DOMAIN }} | |
DOCKER_PASSWORD: ${{ env.HELM_PASSWORD }} | |
DOCKER_USER: ${{ env.HELM_USER }} | |
run: nix develop .#releaser -c scripts/ci/release.sh |
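Review bot: The third-party action at `uses: rlespinasse/github-slug-action@v3.x` (build, publish and release jobs) is referenced by a moving ref, and the AtomiCloud actions by tags, so the code that runs alongside `secrets.GITHUB_TOKEN` (in `build` with `packages: write` and `id-token: write`) can change without any commit to this repository; pin each one to a full commit SHA, e.g. `uses: rlespinasse/github-slug-action@<full-commit-sha>  # v3.x`. Only `build` declares `permissions:`; `precommit`, `publish` and `release` inherit the repository default, so each should get an explicit block (for `precommit` probably just `contents: read`; the scopes `publish` and `release` need depend on scripts not shown here). The workflow-level `DOCKER_PASSWORD` / `HELM_PASSWORD` entries also place the token in the environment of every step in every job, including `precommit`, which does not appear to use it; moving them under the `env:` of the steps that actually log in narrows that exposure. The page does not mark which lines this commit changed, so these points apply to the file as shown.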