|
3 | 3 | branches:
|
4 | 4 | - '*'
|
5 | 5 | jobs:
|
6 |
| - build: |
| 6 | + build_website: |
| 7 | + permissions: |
| 8 | + # these permissions are needed to authenticate with gcloud |
| 9 | + contents: 'read' |
| 10 | + id-token: 'write' |
| 11 | + env: |
| 12 | + IMAGE_NAME: lichturm-website |
| 13 | + IMAGE_TAG: prod |
7 | 14 | runs-on: ubuntu-latest
|
8 | 15 | steps:
|
9 | 16 |
|
| 17 | + # https://github.com/actions/checkout |
10 | 18 | - name: Checkout Repo
|
11 |
| - uses: actions/checkout@master |
| 19 | + uses: actions/checkout@v4 |
12 | 20 |
|
| 21 | + # https://github.com/jakejarvis/hugo-build-action |
13 | 22 | - name: Build Website
|
14 |
| - # TODO: pick a version? |
15 |
| - uses: jakejarvis/hugo-build-action@master |
| 23 | + uses: jakejarvis/[email protected] |
16 | 24 | with:
|
17 | 25 | args: --minify
|
18 | 26 |
|
19 | 27 | # so we can inspect what is being produced
|
| 28 | + # https://github.com/actions/upload-artifact |
20 | 29 | - name: Upload Website as Artifact
|
21 |
| - uses: actions/upload-artifact@master |
| 30 | + uses: actions/upload-artifact@v4 |
22 | 31 | with:
|
23 | 32 | name: website
|
24 | 33 | path: './public'
|
25 | 34 |
|
| 35 | + #https://github.com/google-github-actions/auth |
26 | 36 | - name: Google Auth
|
27 | 37 | id: auth
|
28 | 38 | uses: 'google-github-actions/auth@v2'
|
29 | 39 | with:
|
30 | 40 | token_format: 'access_token'
|
31 |
| - project_id: ${{ env.PROJECT_ID }} |
32 |
| - service_account: ${{ env.SERVICE_ACCOUNT }} |
33 |
| - workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }} |
| 41 | + project_id: ${{ secrets.PROJECT_ID }} |
| 42 | + service_account: ${{ secrets.SERVICE_ACCOUNT }} |
| 43 | + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} |
| 44 | + #project_id: bob |
| 45 | + #service_account: 123 |
| 46 | + #workload_identity_provider: xyz |
34 | 47 |
|
| 48 | + # https://github.com/docker/login-action |
35 | 49 | - name: Docker Auth
|
36 | 50 | id: docker-auth
|
37 |
| - uses: 'docker/login-action@v1' |
| 51 | + uses: 'docker/login-action@v3' |
38 | 52 | with:
|
39 | 53 | username: 'oauth2accesstoken'
|
40 | 54 | password: '${{ steps.auth.outputs.access_token }}'
|
41 |
| - registry: '${{ env.CONTAINER_REGISTRY_URL }}-docker.pkg.dev' |
42 |
| - |
43 |
| - - name: Build and Push Container |
44 |
| - run: |- |
45 |
| - docker build -t "${{ env.AR_URL }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" ./ |
46 |
| - docker push "${{ env.AR_URL }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" |
47 |
| -
|
48 |
| - # upload to s3 |
49 |
| - - name: Install s3cmd |
50 |
| - run: | |
51 |
| - pip install s3cmd |
52 |
| - - name: Configure s3cmd |
53 |
| - run: | |
54 |
| - echo "[default]" > ~/.s3cfg |
55 |
| - echo "access_key = ${{ secrets.S3_KEY_ID }}" >> ~/.s3cfg |
56 |
| - echo "secret_key = ${{ secrets.S3_SECRET_KEY }}" >> ~/.s3cfg |
57 |
| - echo "host_base = fsn1.your-objectstorage.com" >> ~/.s3cfg |
58 |
| - echo "host_bucket = %(bucket)s.fsn1.your-objectstorage.com" >> ~/.s3cfg |
59 |
| - - name: Upload files to Hetzner S3 |
60 |
| - # with this configuration, the bucket should be specified as e.g. "s3://bucket1" |
61 |
| - run: | |
62 |
| - s3cmd sync ./public ${{ secrets.S3_BUCKET }} --delete-removed |
| 55 | + registry: '${{ secrets.CONTAINER_REGISTRY_URL }}-docker.pkg.dev' |
| 56 | + |
| 57 | + # https://github.com/docker/setup-qemu-action |
| 58 | + - name: Set up QEMU |
| 59 | + uses: docker/setup-qemu-action@v3 |
| 60 | + |
| 61 | + # https://github.com/docker/setup-buildx-action/tree/master |
| 62 | + - name: Set up Docker Buildx |
| 63 | + uses: docker/setup-buildx-action@v3 |
| 64 | + with: |
| 65 | + buildkitd-flags: --debug |
| 66 | + |
| 67 | + # https://github.com/docker/build-push-action |
| 68 | + - name: Build and push |
| 69 | + uses: docker/build-push-action@v6 |
| 70 | + with: |
| 71 | + # we are not using the default git context because that would ignore our hugo build output |
| 72 | + # see documentation above regarding build context |
| 73 | + context: . |
| 74 | + file: ./Dockerfile |
| 75 | + push: true |
| 76 | + tags: "${{ secrets.CONTAINER_REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}" |
| 77 | + |
| 78 | +# - name: Install s3cmd |
| 79 | +# run: | |
| 80 | +# pip install s3cmd |
| 81 | +# |
| 82 | +# - name: Configure s3cmd |
| 83 | +# run: | |
| 84 | +# echo "[default]" > ~/.s3cfg |
| 85 | +# echo "access_key = ${{ secrets.S3_KEY_ID }}" >> ~/.s3cfg |
| 86 | +# echo "secret_key = ${{ secrets.S3_SECRET_KEY }}" >> ~/.s3cfg |
| 87 | +# echo "host_base = fsn1.your-objectstorage.com" >> ~/.s3cfg |
| 88 | +# echo "host_bucket = %(bucket)s.fsn1.your-objectstorage.com" >> ~/.s3cfg |
| 89 | +# |
| 90 | +# - name: Upload files to Hetzner S3 |
| 91 | +# # with this configuration, the bucket should be specified as e.g. "s3://bucket1" |
| 92 | +# run: | |
| 93 | +# s3cmd sync ./public ${{ secrets.S3_BUCKET }} --delete-removed |
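Review bot: The `Build and push` step publishes the fixed tag `prod` (`IMAGE_TAG: prod`), while the `branches: '*'` filter at the top of the hunk is not limited to a release branch. A push to a feature branch therefore appears to overwrite the production image, in a job that holds `id-token: 'write'` and the Google service account. Gate the `Google Auth`, `Docker Auth` and `Build and push` steps with something like `if: github.ref == 'refs/heads/<release-branch>'` (placeholder name), and push an immutable tag such as `${{ github.sha }}` alongside `prod`, as the removed `docker build` step did, so a deployment can be traced and rolled back. Separately, `Docker Auth` logs in to `${{ secrets.CONTAINER_REGISTRY_URL }}-docker.pkg.dev`, but `tags:` uses `${{ secrets.CONTAINER_REGISTRY_URL }}/…` without that suffix, so the two cannot both resolve to the same registry host; confirm which form the secret holds. The trigger block begins above the visible lines, so the event type is assumed to be `push`.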