Update stack to ghcr #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish Docker Compose stack to GHCR | |
| on: | |
| push: | |
| branches: | |
| - ghcr_push_try | |
| pull_request: | |
| branches: | |
| - ghcr_push_try | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-and-push-stack: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get version info | |
| id: get_version_info | |
| run: | | |
| LATEST_TAG=$(git describe --tags --abbrev=0) | |
| BASE_VERSION=${LATEST_TAG#v} | |
| COMMIT_DISTANCE=$(git rev-list --count ${LATEST_TAG}..HEAD) | |
| NEW_VERSION="v${BASE_VERSION}.${COMMIT_DISTANCE}" | |
| echo "version=${NEW_VERSION}" >> $GITHUB_OUTPUT | |
| echo "Generated version: ${NEW_VERSION}" | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ steps.get_version_info.outputs.version }} | |
| # Build and push the entire stack | |
| - name: Build and push Docker Compose stack | |
| env: | |
| COMPOSE_DOCKER_CLI_BUILD: 1 | |
| DOCKER_BUILDKIT: 1 | |
| run: | | |
| VERSION=${{ steps.get_version_info.outputs.version }} | |
| REPO=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # Build images with proper tags using the existing docker-compose.yml | |
| docker compose -f docker-compose.yml build \ | |
| --build-arg VERSION=$VERSION \ | |
| --build-arg REPO=$REPO | |
| # Get the service names from docker-compose | |
| docker compose -f docker-compose.yml config --services | |
| # Tag images | |
| docker tag cardanoapiio_backend:latest $REPO/backend:$VERSION | |
| docker tag nextjs_frontend_prod:latest $REPO/frontend:$VERSION | |
| # Push images | |
| docker push $REPO/backend:$VERSION | |
| docker push $REPO/frontend:$VERSION | |
| # Create production docker-compose file | |
| cat > docker-compose.prod.yml << EOL | |
| services: | |
| postgres: | |
| image: postgres:latest | |
| container_name: postgres_prod | |
| ports: | |
| - "6500:5432" | |
| volumes: | |
| - progresDB:/var/lib/postgresql/data | |
| env_file: | |
| - ./.env | |
| networks: | |
| - app_network_prod | |
| pgAdmin: | |
| image: dpage/pgadmin4 | |
| container_name: pgAdmin_prod | |
| env_file: | |
| - ./.env | |
| ports: | |
| - "5050:80" | |
| networks: | |
| - app_network_prod | |
| backend: | |
| image: $REPO/backend:$VERSION | |
| container_name: cardanoapiio_backend | |
| ports: | |
| - "8000:8000" | |
| depends_on: | |
| - postgres | |
| environment: | |
| DATABASE_URL: postgresql://admin:saisab@postgres:5432/rust_sqlx?schema=public | |
| networks: | |
| - app_network_prod | |
| frontend: | |
| image: $REPO/frontend:$VERSION | |
| container_name: nextjs_frontend_prod | |
| ports: | |
| - "3000:3000" | |
| environment: | |
| API_URL: http://backend:8000 | |
| NODE_ENV: production | |
| restart: always | |
| depends_on: | |
| - backend | |
| networks: | |
| - app_network_prod | |
| networks: | |
| app_network_prod: | |
| driver: bridge | |
| volumes: | |
| progresDB: | |
| EOL | |
| # Create a dummy .env file if it doesn't exist | |
| touch .env | |
| # Package and push the stack | |
| tar -czf stack.tar.gz docker-compose.prod.yml .env | |
| # Create and push the stack image | |
| docker buildx build --push \ | |
| --tag $REPO/stack:$VERSION \ | |
| --label "org.opencontainers.image.source=https://github.com/${{ github.repository }}" \ | |
| --platform linux/amd64 \ | |
| --file - . << EOF | |
| FROM scratch | |
| COPY stack.tar.gz / | |
| EOF | |
| - name: Generate stack attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/stack | |
| subject-digest: sha256:${{ steps.push.outputs.digest }} | |
| push-to-registry: true |