More package permissions pain #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Build App | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
paths: | |
- "cmd/**" | |
- "web/**" | |
- ".github/workflows/**" | |
pull_request: | |
branches: [main] | |
permissions: | |
contents: read | |
packages: write | |
env: | |
VERSION: 0.8.5 | |
BUILD_INFO: "Build:development / Workflow:${{ github.workflow }} / RunId:${{ github.run_id }} / Ref:${{ github.ref }} / SHA:${{ github.sha }} / ImageTag:${{ github.run_id }}" | |
IMAGE_REG: ghcr.io | |
IMAGE_TAG: ${{ github.run_id }} | |
jobs: | |
# ===== Testing & code checking ====== | |
tests-linting: | |
runs-on: ubuntu-latest | |
outputs: | |
imageTag: ${{ steps.createTag.outputs.IMAGE_TAG }} | |
steps: | |
- name: "Checkout source" | |
uses: actions/checkout@v3 | |
- name: "Set Go version and paths" | |
uses: actions/setup-go@v3 | |
with: | |
go-version: "^1.21.0" | |
- name: "Install extra tools" | |
run: | | |
go install gotest.tools/gotestsum@latest | |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin | |
- name: "Check code & lint" | |
run: | | |
go get ./... | |
make lint | |
- name: "Run all unit tests" | |
run: make test | |
# ===== Build container images ====== | |
build-images: | |
runs-on: ubuntu-latest | |
needs: tests-linting | |
strategy: | |
matrix: | |
serviceName: [cart, orders, users, products, frontend] | |
steps: | |
- name: "Checkout source" | |
uses: actions/checkout@v3 | |
- name: "Run build" | |
run: | | |
make docker-build-${{ matrix.serviceName }} IMAGE_TAG=$IMAGE_TAG VERSION=$VERSION BUILD_INFO="$BUILD_INFO" | |
make docker-build-${{ matrix.serviceName }} IMAGE_TAG=latest VERSION=$VERSION BUILD_INFO="$BUILD_INFO" | |
# Steps after this are only run when merging or pushing into main | |
- name: "Push to container registry" | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $IMAGE_REG -u $GITHUB_ACTOR --password-stdin | |
make docker-push-${{ matrix.serviceName }} IMAGE_TAG=$IMAGE_TAG | |
make docker-push-${{ matrix.serviceName }} IMAGE_TAG=latest |