Skip to content

Add workflows to publish docker container on release #119

Add workflows to publish docker container on release

Add workflows to publish docker container on release #119

Workflow file for this run

name: "Build and maybe release conda-store-ui"
on:
release:
types: [published]
push:
branches: [main]
tags: ["*"]
pull_request:
branches:
- main
workflow_dispatch:
env:
FORCE_COLOR: "1"
PACKAGE_FILE: "conda-store-ui.tgz"
jobs:
# always build and verify
build-application:
name: "Build conda-store-ui"
runs-on: ubuntu-latest
steps:
- name: "Checkout repository 🛎"
uses: actions/checkout@v4
- name: "Set Yarn to correct version 📌"
run: corepack enable
# Setup .npmrc file to publish to npm
- name: "Set up Node.js 🧶"
uses: actions/setup-node@v4
with:
node-version: "22.x"
registry-url: "https://registry.npmjs.org"
scope: "@conda-store-ui"
cache: "yarn"
- name: "Install dependencies 📦"
run: yarn
- name: "Lint code 🔍"
run: yarn eslint:check
- name: "Build source code (library) 🏗"
run: yarn run build
- name: "Build source code (web app) 🏗"
# ensure we use the prod target to minimise assets
run: yarn run webpack:prod bundle
- name: "Generate package tarball 📦"
run: yarn pack --filename ${{ env.PACKAGE_FILE }}
- name: "Upload package tarball 📤"
uses: actions/upload-artifact@v4
with:
name: conda-store-ui-package
path: ${{ env.PACKAGE_FILE }}
verify-build:
name: "Verify conda-store-ui build"
runs-on: ubuntu-latest
needs: build-application
steps:
- name: "Checkout repository 🛎"
uses: actions/checkout@v4
- name: "Download build artefacts 📦"
uses: actions/download-artifact@v4
with:
name: conda-store-ui-package
# (setup-node workaround https://github.com/actions/setup-node/issues/763) otherwise the authentication fails for npmjs
- name: "Set npmjs scope"
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
npm config delete @conda-store-ui:registry --location project
npm config set @conda-store-ui:registry 'https://registry.npmjs.org' --location project
npm config set //registry.npmjs.org/:_authToken '${NODE_AUTH_TOKEN}' --location project
- name: "Check publish (dry run) 📤"
run: |
echo "Publishing dry run..."
npm publish --verbose --access public ${{ env.PACKAGE_FILE }} --dry-run
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
release-to-npmjs:
name: "Release conda-store-ui to npmjs 📦"
runs-on: ubuntu-latest
needs:
- build-application
- verify-build
if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/')
# needed for attestations
permissions:
id-token: write
attestations: write
contents: read
steps:
- name: "Checkout repository 🛎"
uses: actions/checkout@v4
# Set registry in .npmrc and set up auth to read in from
# env.NODE_AUTH_TOKEN.
- name: "Set up Node.js 🧶"
uses: actions/setup-node@v4
with:
node-version: "20.x"
registry-url: "https://registry.npmjs.org"
scope: "@conda-store-ui"
- name: "Download build artefacts 📦"
uses: actions/download-artifact@v4
with:
name: conda-store-ui-package
# Create an attestation with GitHub to track build provenance
# More info: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
- name: "Attest Build Provenance ✨"
uses: actions/attest-build-provenance@v1
if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/')
with:
subject-path: ${{ env.PACKAGE_FILE }}
# (setup-node workaround https://github.com/actions/setup-node/issues/763) otherwise the authentication fails for npmjs
- name: "Set npmjs scope"
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
npm config delete @conda-store-ui:registry --location project
npm config set @conda-store-ui:registry 'https://registry.npmjs.org' --location project
npm config set //registry.npmjs.org/:_authToken '${NODE_AUTH_TOKEN}' --location project
- name: "Check npmjs/conda-store-ui scope"
run: npm show
- name: "Publish to npm 📤"
run: |
npm publish --verbose --access public ${{ env.PACKAGE_FILE }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
build_and_push_docker_image:
name: "Build Docker Images 🛠"
runs-on: ubuntu-latest
needs: release-to-npmjs:

Check failure on line 152 in .github/workflows/release.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/release.yml

Invalid workflow file

You have an error in your yaml syntax on line 152
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
contents: read
packages: write
attestations: write
steps:
- name: "Checkout Repository 🛎"
uses: actions/checkout@v4
- name: "Set up Docker Buildx 🏗"
uses: docker/setup-buildx-action@v3
- name: "Login to GH Container Registry 🐳"
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Add Docker metadata 📝"
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.REGISTRY }}/conda-store-ui
tags: |
type=ref,event=tag
type=ref,event=branch
type=sha
- name: "Publish Docker image 🚀"
id: push
uses: docker/build-push-action@v5
with:
context: .
target: "prod"
tags: |
${{ steps.meta.outputs.tags }}
push: true
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-name: ${{ env.REGISTRY }}/conda-store-ui
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true